Data is the DNA of any company and as such, must be protected at all times and handled cautiously and wisely. Data on USB devices should be secured and policies implemented to ensure the information is safeguarded, stored, downloaded, and shared with only authorised parties.
Failure to do so exposes a company to a host of negative consequences including non-compliance, fines, financial loss and lack of customer confidence and trust.
Based on my company’s extensive market experience and customer feedback, I have identified the top best practices that organisations should follow to protect confidential data. In the current economic climate, it’s even more important that companies foster a greater understanding of USB security among their staff and put the correct policy in place to ensure they are not the next ones making the headlines.
Here are my recommendations to enterprises for best in class portable security:
1. Build an Encrypted USB Plan: Protect & Comply
The best time to develop an encrypted USB plan is before you need to prove you had one – incorporate secure USB Flash drives and policies into your organisation’s overall security strategy.
2. Identify the Most Suitable USB Flash Drives for Your Organisation
Determine the reliability and integrity of USBs by confirming compliance with leading security standards and ensuring that there is no malicious code on them.
3. Train and Educate
Establish a training program that educates employees on acceptable and unacceptable use of USB Flash drives. Walk users through actual breach incidents and other negative consequences that occur when using non-secure USBs.
4. Establish and Enforce Policies
If you don’t have the right policies in place for all to follow, USB drives can potentially be the downfall of your data security strategy. Setting a policy is the first step, but it’s an incredibly important one. Underscoring the need to establish and enforce USB policies, the Ponemon study results revealed that nearly 50% of organisations confirmed having lost drives containing sensitive or confidential information in the past 24 months.
5. Provide Company-Approved USBs
Proven hardware-based encryption using Advanced Encryption Standard (AES) 256 security provides portability and superior encryption over host-based software encryption.
6. Manage Authorised USBs and Block Unapproved Devices
If you do not, sensitive data can be copied onto these devices and shared with outsiders and your organisation is the next statistic for data loss or theft.
7. Encrypt Confidential Data
If you don’t encrypt data before it’s saved on USBs, hackers can bypass your anti-virus, firewall or other controls, and that information is vulnerable.
8. Certify Anti-Virus Protection is Present at Every Entry Point
Ensure endpoint-host computer systems are equipped with up-to-date anti-virus software.
Security breaches continue globally and many are the result of either lost or unsecured USB drives. In November, the Ponemon Institute released a research, “The State of USB Drive Security in Europe”, which interviewed 2,942 IT professionals and IT security practitioners from companies based in Denmark, Finland, France, Germany, Netherlands, Norway, Poland, Sweden, Switzerland and the United Kingdom.
The report revealed that while companies understand that employee ‘negligence’ puts their organisations at risk, many of these companies do not take the necessary steps to use secure USB drives and set proper policies. The report found that of those polled only 48 percent consider protecting confidential and sensitive information on USB Flash drives to be a high priority for their organisation even though 63 percent of them feel that data breaches are caused by missing USB drives.
The report further uncovered that businesses are still astoundingly lax when it comes to USB security despite recognizing the dangers and negative ramifications. Even if 68 percent confirm that their organisation has an acceptable USB usage policy, less than half of them say they are not required to adopt security practices such as usage of passwords or locks, total lockdown, virus and malware scan etc.
The solutions for securing USB drives and getting employees to support and adhere to the rules and policies should not be complex and expensive, nor should it reduce employee productivity. The goal of all security professionals is to help businesses close the security gap by bridging best practices with secure USBs and to make it as seamless and simple as possible.