Categories
Blog USB Copy Protection USB Sescurity

How to Protect Confidential Data When Offline

How is it good policy to turn off security when it is needed most? It’s not.

When introducing a strong internal information leakage prevention system into an organization, a common complaint is that it hinders their efficiency. Therefore, many organizations aim to establish a transparent system where employees are virtually unaffected by the information security system.

Under a transparent security system, everything is done through a network where the manager can monitor employee actions. If any confidential files need to be sent out of the office, it will need to get approval from a manager and if using a hard copy, a watermarked version will be used. So it seems that data can be fairly well controlled from within the office.

Outside the office, however, it becomes exceptionally more complicated when trying to manage confidential data. If, for example, an employee were to leave on a business trip, there are numerous uncertainties and factors that need to be taken into consideration such as: Will it be acceptable if they bring a laptop with the data stored inside? What if the laptop is lost or stolen? Is password-encryption enough to stop potential hacking attempts? The list can go on and on. Also, if the laptop is not able to connect to the internet and therefore is not able to connect with the security system, either the laptop or the security system might not work. Generally, if a device that is being controlled by a security system cannot communicate with the system through a network, it will render the laptop unable to run in stand-alone to prevent data leakage. If not, then the laptop wouldn’t have any form of security which puts the data at risk.

In this type of scenario, many organizations often make ‘exceptions’ for employees going on business trips by stopping the agent program that enforces security policy on the installed PC for their internal information leakage system and only allows them to bring the laptop out of the office once signing additional security or non-disclosure agreements. Of course, this is not the best approach and it is best to just not let them take the laptop altogether.

By making these types of exceptions, the overall authority of the security system is then crippled. This can often lead to questioning the ability of the security system and these security exceptions are a recipe for internal data leakage. How is it good security policy to turn off security when it is needed most? It’s not. These “little exceptions” are leaving big holes in an enterprise’s security system and merely having employees sign one more non-disclosure agreement will not prevent data leakage; at best it will only discourage it.

Exceptions should not be made for a common reason such as a business trip or taking files out of the office. These are times when data leakage risks are at their peak and, if anything, more security should be put in place. Unfortunately, more limitations result in less efficiency. It is difficult to get around this tradeoff between security and efficiency but in the case of these exceptions, some sort of information security system is necessary. The best case would be a security system that can work both online and offline which would result in more trust in the security system as well as cover up these large holes when taking data in an offline environment.

In order to fill these security holes, there are products from SECUDRIVE (www.secudrives.com) that provide internal information leakage prevention solutions for such offline situations. SECUDRIVE utilizes hardware-encrypted USB flash drives for sending internal confidential data when out of the office. One unique line of products from SECUDRIVES is their copy-protected USB flash drives that block all copying functions so that files that are stored in the USB cannot be copied out. This will allow the security manager to block copying, printing, and screen capture of files before they are sent out of the office.

SECUDRIVE USB Office is a copy-protected USB solution for organizational business files such as Microsoft Office files while SECUDRIVE USB CAD is also a copy-protected USB that is meant for computer-aided design files such as Adobe and Autodesk files. Also, the USBs can be managed using SECUDRIVE USB Management Server which will allow the administrator to control password and security policies, as well as record USB activity in the program’s log.

Internal information leakage prevention systems need to be able to function both online and offline as well. Business continuity should not be sacrificed for internal leakage prevention and internal leakage prevention systems should not be disabled to retain business continuity. Products such as SECUDRIVE will help to create a balance between the two and make these security holes disappear.

Categories
Blog Insider threats

Need to Prevent Data Leak from Your Business Partner

[Company locations, company names, and employee names have been changed for their privacy.]

Due to work efficiency being very important within companies and organizations, internal data leakage prevention methods are still taken quite lightly among U.S. companies, even after the Snowden incident. If someone insisted on introducing a company to an internal data leakage prevention system (which can cause a variety of work restrictions), it is likely that the company would just brush it off because he/she doesn’t understand the American work culture.

However, there was an incident that occurred during business cooperation between a Japanese company and an American company. After seeing the possible internal data leakage unfold, it has become clear that this security risk can’t be traded for work efficiency culture of the U.S. The following story is an adaptation from real events that occurred in Silicon Valley. We hope that this story will change your minds, and help you consider an internal data leakage prevention system, not just as a foundation of trust to keep your company’s data safe but your business partners’ as well.

John has been an employee at company A (herein as “A”), a fast-growing and multinational Japanese company for three years. He is a participant of a new product development project in the Japanese Research and Development center. His job often requires him to go on business trips to Silicon Valley and work with collaborative partners.

When John first started working there, John was introduced to A’s strict data security system for the first time and felt restricted by the rules. Some of the rules include that John could not bring any personal storage devices into the office, and could not send any data to anywhere outside the office without the security manager’s approval. Naturally, all devices that are allowed in the office are set with passwords.

John’s next business trip to Silicon Valley was to meet with company B (herein as “B”), a Silicon Valley-based company that is partnered with A. This trip was very important to John because he was to discuss with the engineers of company B, the results that were developed by over a hundred engineers between the two companies over the last two years, and finalize the plans to launch a new product in six months. If he brought the company laptop loaded with confidential conceptual drawings to discuss with B’s engineers, he would have had to get approval from his security manager first. But John was worried that the company laptop contained other confidential data, which if lost could be devastating to his company. He also realized that the data security software would not work without an internet connection, which wouldn’t allow John to work. So instead, A’s security manager let John sign an official memorandum that would guarantee the destruction of the confidential data hard copies after the business discussions, and off John went with the paper copies.

The first day in Silicon Valley, the business meeting went well. Tom, an employee of B, wrote detailed minutes of the meetings instead of A, because John did not bring any company laptops from Japan. Tom also held onto the conceptual drawings because it was used often to discuss in the string of meetings. It was decided that the hard copies would be destroyed once John received the final minute after the final meeting of the business trip. After the second day’s meeting, John felt confident that they would be able to achieve the outcomes that they had hoped for after two years of effort and overcoming hardships together. He assumes that he could send the good news to A’s management.

The only part that John felt uncomfortable about is that Tom, an employee of B, carries and uses his personal laptop which contained data about the conceptual drawings and other confidential data, even in his home. Before being accustomed to A’s rules and regulations on information security, John might have envied Tom because of his ability to work freely no matter where he was, but now John worried that Tom might lose the confidential information. John wanted to insist that B follow the data security rules of A, but decided against it due to thinking that it was a cultural difference and that it shouldn’t be any of his business.

On the last night of the business trip, John, Tom, and the other members of the meeting went to have dinner together to celebrate their progress and achievements. They parked their cars in a public parking lot near the restaurant. But after dinner, something terrible happened. Three of their cars’ windows had been smashed and the laptop bags containing the laptop with the confidential data and the hard copies of the conceptual drawings were taken. The crime scene got more attention as policemen, security guards, and bystanders surrounded the scene. One of the policemen mentioned that it would be difficult to find the lost items because this appeared to be a common occurrence in the area.

Now, the only thing John can do is hope that it was not stolen by an industrial spy hired for A’s confidential data. The worth of such documents could easily reach tens of millions of dollars. A and B certainly don’t want this incident to be exposed to the public. If one of their competitors could get the confidential data and launch a similar product earlier than A and B, then no one would never know that the new product was developed after modification on the data lost by the two companies.

It is very unfortunate that B does not have strong data security systems in place like A. No matter how good Tom’s work efficiency is, it is not worth millions of dollars. John didn’t think the internal data leakage prevention system caused work inefficiency as much after he familiarized himself with it. After all, if the strong data security system made it highly inefficient to work like most Americans seem to think, how has A grown so quickly into the big multinational company it is today? Now John has to report this disaster to his boss and security manager of his company. They will most likely urge B to keep the strictness of A’s security rules and regulations for the sake of A’s partnership. If not, A may have to look for a different partner that will adhere to their security regulations.

A has achieved a lot with B’s partnership, but A lost data worth millions of dollars because of B’s poor data security. How can that ever be compensated?

Categories
NEWS Notice USB Sescurity

SECUDRIVE USB Management Server Release Notes

The latest version of SECUDRIVE USB Management Server has been released.

4.0.0.1003 (05/08/2016)
4.0 Version Release

3.0.8.975 (04/05/2016)
svcmng.dll(v3.6.4.601) updated

3.0.6.873 (02/11/2016)
svcmng.dll(v3.6.2.588) updated

3.0.2.705 (12/14/2015)
Added policy to stop leakage protection feature about copy protection USB memory, Office +/CAD+ when online
Fixed error to import/export failure when the file size is 16Byte
Fixed error when installing PC certification program(MSI package) on network drive
svcmng.dll(v3.6.2.585) updated

3.0.2.704 (12/3/2014)
Added File export and import feature
Added TMUSB OFF feature

3.0.0.607 (09/04/2014)
Program release
Combined SUMS and SUMT
Added Features:
Active Directory (AD) integration
AD account name and PC username comparison
TMUSB local update
Inative USB locking
Offline Security question password reset
File Copy Filter
Read-only when USB cannot communicate with server

2.0.22.348 (07/21/2014)
Added file logging feature to SECUDRIVE USB Basic+
svcmng.dll(3.2.8.490) updated
Added DRM Policy lift feature for specified computer

2.0.20.298 (04/13/2014)
Fixed master token detection issue in Windows 8.1
Added individual policy feature for each usb flash drive
SECUDRIVE USB Basic+ now supports Mac OS
OpenSSL Library(1.0.1g) updated
svcmng.dll(3.2.5.483) updated

2.0.7.215(9/13/2013)
Fixed the program for remote desktop environment
svcmng.dll(3.0.152.452) update

2.0.5.189(05/15/2013)
Added offline authentication for the TMUSB anti-virus program license
svcmng.dll(3.0.0.144) update

2.0.4.185(04/28/2013)
Message modification

2.0.4.177(03/18/2013)
Program release

Categories
Blog NEWS News Letter Press Release USB Sescurity

SECUDRIVE USB Management Tool and Server Released

Brainzsquare announced the release of SECUDRIVE USB Management Tool and SECUDRIVE USB Management Server, simple integrated management software solutions that allow administrators to monitor SECUDRIVE secure USB flash drives, set security policies, validity settings, and collect detailed event logs to prevent security risks, into the market.

San Jose, CA-September 3rd, 2013– Brainzsquare announces the release of SECUDRIVE USB Management Tool and SECUDRIVE USB Management Server, simple USB management software solutions that allow administrators to manage, monitor, and set security policies on SECUDRIVE secure USB products, into the market.

Many organizations today require their employees to use secure USB flash drives when using it to carry company data. But with the risk of security breaches and malicious intent from within companies, what administrators need is not only copy protection, but secure USB drives with integrated management.

SECUDRIVE USB Management Tool and SECUDRIVE USB Management Server are here to allow companies to more easily manage, monitor, and secure their company data that are stored on employee USB drives. They are only compatible with SECUDRIVE secure USB drives such as USB Basic+, USB Office+, and USB CAD+. The management software provides administrators with a strong, integrated management system that allow them to name and register up to eight USB flash drives at a time, and set security policies such as password requirements, offline policies, and auto-lock timers. For our copy protected USBs, administrators can set print controls and copy protection for their documents and CAD files.

These management software also come with validity settings that allow administrators to set a valid time period for users to be able to login to their USB drives or use their current passwords, and set the maximum amount of times a user is allowed to login to their device. Administrators can also save policy settings to be able to conveniently access them again when needing to register more secure flash drives.

Another feature is remote destruction which allows administrators to remotely render a USB unavailable. After checking off the box for remotely destroying a USB and saving the policy setting, the user will not be able to access the contents of the secure USB drive the next time it is connected to the network. This is especially useful for companies if employees lose their USB drives, protecting company data from being seen with remote destruction and password protection.

A detailed event log is recorded for all SECUDRIVE USB drives registered, allowing administrators to view USB serial number, user ID, product type, actions taken, date, and time. This aides administrators in monitoring USB activity and can be used for auditing purposes.

“Utilizing SECUDRIVE USB Management Tool and SECUDRIVE USB Management Server’s integrated USB management system, administrators can easily monitor and set security policies from their computer. When combined with the use of our secure, copy-protected USB drives, it provides complete security and prevents confidential company information from being leaked, whether accidentally or intentionally. With the power of SECUDRIVE’s USB Management software, administrators have almost full authority over registered USB drives,” said Simon Kang, CEO of Brainzsquare.

If you have any questions or inquiries about this article or its contents, please contact us.