Several companies now require special permissions for an employee's company-provided computer to write to a USB device (disk drive, CD/DVD, memory stick/thumb drive) but allow the computer to read from those USB devices. Companies claim that writing to the USB is a risk.
From a security view, reading a USB can be risky because it could contain viruses or malware. Plus, since the company doesn't allow writes to USB, any reads from USB would be from a "foreign" device (outside the company's control), which increases the risk of it containing harmful data and/or software.
Using USB devices to transfer data between computers, and to backup data for safe-keeping is, and always has been, an efficient use of USB devices, but company policies now make that impossible... which forces people to find other "workaround" ways to do that, some of them pretty risky.
Can anyone explain the rationale behind companies establishing security policies that allow USB reads but not writes?
Any corporate IT people or cyber-security experts out there?
