Prohibit the use of portable storage devices when such devices have no identifiable owner.

Portable storage devices, especially non-company-owned devices can pose a security risk when used on your systems. They can carry malware and are easy to transport into your facilities. This is why they need to be prohibited from being used on your systems. Using technical controls you can ensure that only your company-owned storage devices are used on your system.

Document the serial numbers of the USB thumb drives and other portable storage devices used in your organization. When you provide one to an employee, document which device you gave them. As a result, all of your authorized devices will have an identifiable owner. Prohibit the use of any non-company provided storage devices on your systems. Using technical controls you can ensure that only your company-owned storage devices work on your systems. Enterprise anti-virus software often has the capability to allow only whitelisted storage devices on your systems. Using group policy is also an option for Windows computers.