How to improve your USB data security

Your security policy

Businesses still use USB drives and other portable data devices for a number of their core operations. These continue to be the potential source of a major security breach, as the security company ESET discovered when they asked 500 dry cleaners across the UK how many USB drives they find. On average they found four USB drives, which of course could all have contained highly sensitive information.

Mark James, security specialist at ESET, said: "The number of USB sticks and mobile devices that are left in dry cleaners each year is staggering and clearly highlights the need for people to pay closer attention to protecting their data. In the wake of recent security breaches against high profile organisations it is time for people to start taking their own security more seriously.

"Data is of high value on the dark net and cybercriminals will always be on the lookout for anything they can find. Out of the 10,004 USBs that never got returned, one can assume that a high percentage of them would have contained sensitive corporate data. This therefore creates a potential risk for UK businesses because there is a high chance these devices have ended up in the hands of cybercriminals."

The first move your business should make is to include USB drives in your business-wide data security policy. This policy should be communicated to all members of staff to ensure they fully understand their responsibilities.

Samsung T3

Masses of data can now be stored in a device that is smaller than a business card

Six key steps

Where USB drives are concerned, your security policy should include the following steps:

1. That no personal drives should be connected to any of your business computer systems or network, as this could infect your systems with viruses or malware.

2. Only USB drives secured from your IT department should be used. These should all be tracked to ensure your business knows at any given time who is using which drive and for what purpose.

3. All data that is transferred to a USB drive should be encrypted to 256-bit AES standards. Ensure that the encryption process is automatic to avoid this being forgotten and the copied data becoming vulnerable. Also, use hardware encryption and not just software encryption to give maximum protection.

4. Data that is transferred to a USB drive should be backed up to ensure that if lost or damaged, the copied data can be recovered.

5. Drives should have the ability to be remotely terminated. This allows your IT department to disable a USB drive that is, for instance, still in the possession of an ex-employee. Data can also be time-expired to ensure it can't be copied back to your network storage.

6. If a large number of USB drives will be in use, look for a vendor that offers a central control panel. This allows your IT department to update encryption, passwords and other authorisations remotely.

For business users the USB device in all its forms has provided a cheap and convenient way to store and transport data. However, in a world where cyber-security should be on every company's agenda, ensuring these devices are used securely and are protected from infection from viruses and other malicious code is vital to your business.

Do you know how many USB drives are being used across your organisation? Are they using encryption? Perform a security audit today. The results may surprise you.