A couple of years ago I walked into one of my client’s retail locations to look at the computers hosting their POS system. Checking the log files I could see that that morning someone had inserted and removed an external USB device. Unfortunately, that was about as specific as the log file got, but after a few questions to the staff it turned out that the maintenance guy was using the USB port on the front of the computer to charge his phone. That was fairly harmless, but as the person responsible for keeping these machines running, I did not want staff using them for anything other than selling products and services.

A big concern in this instance was that the POS software uses a local copy of the entire customer database, information that a competitor might find valuable. It would be very easy for an employee with basic drag-and-drop skills to copy those files to his or her smartphone or MP3 player and walk away. The competitor instantly has a customer database that took someone else decades to build.

It would be nearly impossible to enforce a ban on these tiny devices in the work place, but you can easily prevent employees from successfully connecting those devices in the first place.

I once heard of an employer using crazy glue to seal off the unused USB ports on their computers, but, while effective, it seems a bit extreme and I suggest a more graceful approach: IntelliAdmin has several free tools to disable the USB, optical and, if you still have them, floppy drives on PCs. Simply run the software on the machine and that’s it. No accidentally gluing yourself to the keyboard.

If your company runs a Windows Server with an Active Directory domain, you can use Group Policies to limit how employees use their computer hardware and software. This is best performed by an experienced IT pro, but USB ports and CD-ROM drives can be turned off for all or only certain users from the server.

With a mobile-enabled workforce, many employees have to connect to their office computers to synch their contacts, work that they brought from home, or upload photos from a job site. But how do we know he or she isn’t planning to jump ship with a copy of your customer database, or upload a fatal virus?

I’ll have that answer for you next time. Until then, have you checked your backup?