Software and education secure Salvation Army from USB

News

Software and education secure Salvation Army from USB

John-Paul Kamath

The Salvation Army has installed software to control the use of USB flash drives on its systems after discovering a rise in the number of staff plugging unauthorised memory sticks into the network.

The charity feared the rise would put data at risk because its Windows XP desktops do not offer native support for securing USB ports.

The Salvation Army has a dispersed workforce of more than 2,500 users across the country, which meant it needed a centralised method of controlling the use of USB sticks.

Martyn Croft, head of corporate systems at the Salvation Army, said the charity was securing more than 2,000 access points on its network by deploying SecureWave's Sanctuary endpoint application. This ­allows administrators to authorise or restrict the use of USB drives ­using set criteria.

However, Croft said educating users about the need for the system was crucial to making it work for the organisation.

"The security buck has to stop with the IT department, but security has to be collectively pushed throughout the organisation to the end-users - a blanket policy banning the use of USB devices is counter-productive," said Croft.

To gain the understanding and support of users, the Salvation Army has run a series of information security awareness sessions about the need to protect data.

The charity has also used a series of e-learning programmes produced by the Mid Yorkshire Chamber of Commerce and Industry. These sessions have given users a more detailed understanding of topics such as managing passwords, virus vigilance, how to back-up data and how to defend against identity and phishing threats.

"Feedback from these initiatives has been positive, and it has helped staff stay secure both in work and at home when working with IT," said Croft.

The IT department has also issued Salvation Army-branded USB sticks to employees which automatically encrypt any data stored on them.

"We have ensured we create a policy whereby if you do store data on a USB device, you have a duty of care to that data," said Croft.

Security risks of USB drives >>

Device security control and security of portable devices >>

Mid Yorkshire Chamber of Commerce and Industry website >>

Salvation Army website >>

David Lacey’s security blog
The latest ideas, best practices, and business issues associated with managing security

Comment on this article: e-mail computer.weekly@rbi.co.uk


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy