Earlier this week Heathrow Airport were fined £120,000 by the Information Commissioner's Office following a data breach from last year which was caused by a simple lost USB stick. The USB stick in question contained over 1,000 files, reportedly even including a timetable of patrols guarding the site against potential terror attacks, and the exact route taken by the Queen when using the airport.
Despite all of this highly confidential data, the memory stick had no encryption or password protection in place to deter the finder from accessing it. For some, this may raise questions of whether employees can be trusted to use removable devices at all, but the few companies who have tried enforcing similar policies in the past were quickly forced to revise them. In 2008, for example, the spread of a USB-based virus intrusion within U.S. military networks resulted in a USB ban for 15 months - which was only stopped because it made it impossible for many employees to perform effectively and productively.
For the individuals who do rely on USB sticks or similar removable devices in their daily work, consider implementing some of the following 'best practices' to lower your security risk.
The main reasons behind USB sticks being so vital to many individuals' daily work is for simple storage, and moving files from A to B - whether that be for remote work, or just due to file size limitations in email and other delivery options. Both of these things are made arguably easier with cloud storage, which can be accessed from any device, whenever needed, without the risk of carrying anything on your person.
Cloud Backup for Office 365
Choice of Device
Levels of security can differ between different hard drive brands and models, leaving you with plenty of options to increase your data protection by simply switching to a different memory stick - here is a list of the best external hard drives of 2018 from PC Magazine. Advanced capabilities you can find with certain USBs include automatic encryption, virus scanning protection, password protection, and remote wiping technology.
As mentioned, some USB sticks do come with encryption software already installed, but it's important to inspect this properly as, even if there is some pre-existing encryption software, it may be inadequate for your security needs. If this is the case, there are a number of third-party encryption options available to purchase.
This encryption software scrambles your data until it is completely unreadable - preventing anyone from accessing it without the appropriate decryption key or authorised device.
Some Extra Tips:
- Establish a company policy with clear permitted uses for USBs
- Enforce policies through employee training sessions
- Implement USB scanning on corporate computers
- Perform regular backups of USB devices internally, including encryption keys
- Keep a precise count of the active USB devices used within your organisation