Businesses Still Using Unencrypted USB Devices to Store Data One Year After GDPR

It has been revealed that businesses are still storing data on unencrypted USB devices despite the risk of incurring significant GDPR fines for doing so.

ESET, an IT security company, and Kingston Technology, a leading provider of technological solutions, surveyed over 500 businesses based in the United Kingdom for the report. The data revealed that 55% of business surveyed don’t encrypt devices such as USBs.

Jake Moore, a cybersecurity specialist at ESET, said: “With GDPR one-year milestone just a month away, it is interesting to see what businesses are doing differently to protect themselves from cyber security issues and fines. The survey reveals that companies are still not adequately protected from data leaks as this level of unencrypted devices means anyone can access personal data without security clearances. This poses significant security concerns for firms that do not have the processes in place to ensure their data is safe. One of the ways to do this is through the use of encryption. However, the survey reveals that password protection is still widely used amongst businesses even though it lacks in sophistication.”

Storing data on unsecured devices dramatically increases the risk that an unauthorised individual could access the data and use it for nefarious purposes, such as identity theft. If the Information Commissioner’s Office, the UK regulator for GDPR, finds a business to be non-compliant, it is responsible for enforcing the legislation and issue fines.

Depending on the severity of the infringement, these penalties can be as high as €20m of 4% of annual global revenue for the previous year – whichever figure is higher.

Additionally, the survey revealed that 62% of executives admit to seeing USB devices in unsecured places such as desks, drawers and exposed office spaces. This leaves the device vulnerable to being stolen by an employee or visitor. If the device is unencrypted, unauthorised data access is a certainty.

According to Robert Allen, European Director of Marketing & Technical Services at Kingston Technology, losing an unencrypted USB stick can have severe consequences. He said: “Using encrypted USBs will protect your sensitive data outside of the network firewall. Encryption promotes and maintains a productive and efficient mobile workforce while complying with GDPR and other data privacy regulations. At the same time, it protects the business network from being infected or hacked by cyber criminals that implant malware to infiltrate personal data. Can corporations really afford to take the risk?”

The cost for encrypting USB devices and other devices which store data is small in comparison to the cost of mitigating the harmful effects of a data breach.

Link copied to clipboard
Photo of author

Posted by

Emma Taylor

Emma Taylor is the contributing editor of Defensorum. Emma started on Defensorum as a news writer in 2017 and was promoted to editor in 2022. Emma has written and edited several hundred articles related to IT security and has developed a deep understanding of the sector. You can follow Emma on and contact Emma at