How not to prevent data theft

There’s some information available about how the insider fraud at Countrywide that I mentioned on this blog a few days ago was performed. See here.

…in an effort to prevent users from loading unauthorized data onto memory sticks or other portable storage media, Countrywide had sealed the USB ports on all of its employees’ machines — all, that is, except one….

Reminds me of a conversation I had with an IT manager a couple of months ago. She was pleased to demonstrate to me her company policy for blocking access to USB ports in an effort to prevent incidents of data theft. I was about to praise her for taking the initiative when she went on to mention that the policy applied to everyone except management. “They would find it quite unacceptable” she stated…