Categories
Blog USB Copy Protection USB Sescurity

Three advantages of USB copy protection

There are three ways to distribute content that has copyright or intellectual property: CD/DVD distribution, USB flash drive distribution, and downloading or streaming through the network.

CD/DVD has been the most popular content distribution media so far because it is relatively cheaper than any other media and good for mass production. CD/DVD has relatively smaller capacity than other media, so it cannot be used for larger multimedia files. CD/DVD should be used for read-only or play-only content since customers cannot to write onto a CD/DVD after distribution. Since laptops no longer have built-in CD/DVD drives, the CD/DVD is disappearing. That is another reason that other means are being substituted for CD/DVD

Downloading or streaming through a network is currently the best means for content distribution. We download a game, music, and movie file from the online marketplaces of Google, Apple, Amazon, Netflix, etc. As long as customers pay for the content, they are generally able to use it anywhere with any device such as a smartphone, tablet, and PC. Downloading or streaming is cost-effective because it doesn’t need a physical medium for content distribution. However, there are certain disadvantages since the content can be shared with those who know the buyer’s account. Downloading and streaming is mostly used for the distribution of multimedia content, games, and software. Large files are not a problem as long as the network bandwidth can accommodate them. Adding and changing content after distribution is also easily done through the network; however, content might not be reachable when offline.

A USB flash drive is also used for content distribution and recognized as the best medium for large files. A USB flash drive enables a two-factor authentication: an authorized user has to have a USB flash drive as physical evidence, as well as a login/password to view content stored on the drive. Thus, a user is prevented from sharing content with an unauthorized person by sharing login information only. Existing USB copy-protection solutions have utilized only the two advantages: the high capacity and the two-factor authentication.

However, a USB flash drive as a medium has another big advantage: we can write on it. If we think about it, a USB flash drive is an ideal way for read/write content. A user can manipulate or edit the distributed content. In other words, we can utilize a USB flash drive just like a hard disk drive in which all functions of the applications supporting the original content are available as long as copy protection works during utilization. For example, we can rotate and check a 3-dimensional object in a CAD program, jump to the other sheet or refer to a function in a cell in a MS Excel file, view animations in a MS Presentation file, or refer to hidden comments in a MS Word file. A USB flash drive is also okay for complicated content with multiple files, such as the content that contains an execution file and multiple files, including a database to which the execution file refers. You do not need to think about changing the format or style from the original content before distribution. Finally, when content needs to be added or changed, the content can be downloaded and updated onto a USB flash drive through the network.

Only Secudrive USB Copy Protection maximizes read/write features of USB flash drives as a medium for content distribution in this industry. If you need to distribute large, confidential marketing or technical material to your branches and partners, Secudrive USB Copy Protection is the best in terms of production, delivery, cost, and security.

Categories
Blog USB Copy Protection USB Sescurity

Security Levels of USB Copy Protection Solutions and Their Use

USB copy protection solutions prevent users from unauthorized distribution of content stored on a USB flash drive. However, it is not hard to find unauthorized distributed multimedia files via the internet, despite having been originally made using CD/DVD copy protection solutions. Clearly, some copy protection solutions cannot fully protect content against sophisticated digital piracy, and the solutions have different security levels according to the difficulty of creating the unauthorized copy. Therefore, the copy protection solution should be carefully chosen according to the nature of distributed content and how much damage the unauthorized copy can give to a business. In other words, you do not need to use expensive copy protection solutions for protecting content that is not as valuable to a malicious user, while you must use expensive solutions for protecting valuable corporate information.

Using a custom file explorer is one of the simplest ways to accomplish copy protection. Distributed files are located in a virtual drive, and a user can access and view the files only through the custom file explorer. To prohibit unauthorized copying, the menu for copy and print can be disabled in the explorer. These kinds of solutions are relatively cheap and consist of simple features. There is not the concept of ‘master content’, which is necessary for mass distribution. A user should put the content onto a USB flash drive one-by-one to make distributed USB flash drives. You should verify the security level of these kinds of solutions in the following three ways:

First, after plugging the USB flash drive containing content into a PC, open a command window with the administrator’s privilege and see if you can view the name and location of the file. If the file is hidden in a virtual drive, it can be easily copied by the ‘copy’ command in the command window. If the file or the header of it is encrypted, you can easily copy it, too, but the copied file is useless without the custom file explorer.

However, even in the above case, these kinds of solutions have a crucial disadvantage in which the content can be easily copied by a USB duplicator using sector-by-sector cloning. Therefore, you have to choose the solution that requires USB flash drives with serial numbers, which prevents sector-by-sector cloning by allowing only one unique distributed content for only one unique USB flash drive according to its serial number. Then, even if the USB flash drive is sector-by-sector cloned, it cannot work because the serial number of the new USB flash drive is different from the original.

Finally, there are other ways besides copy and print to duplicate original content. For example, in MS Word, you have to check if you can use transfer as a PDF or save to web. It is somewhat hard to control by using a custom file explorer, so the option might be available for unauthorized copy.

The second popular way for copy protection is using a custom file viewer. This solution offers a custom file viewer to access and view encrypted content, which is transformed as a PDF-like format. A USB flash drive stores the viewer and encrypted content. These kinds of solutions generally go with their own exclusive USB flash drives, which have serial numbers so that they can be safe from sector-by-sector cloning. There is not the concept of ‘master content’ for mass production and distribution and recognized as a relatively secure way of using software encryption to distribute a simple file.

The third way controls the functions of applications at the OS kernel level for copy protection. A USB flash drive stores the security policy for a user and the encrypted files to distribute. When the user puts the USB flash drive into a PC to view the files, an agent is installed on the PC that controls the user’s rights according to the security policy saved in the USB flash drive. In this method, all the original functions of the applications can be available, while copy, print, screen capture, and network transfer can be controlled according to the security policy. The file encryption and decryption process happen quickly during the application. It is proper to distribute complicated content which is consist of multiple files. Only Secudrive USB Copy Protection adopts this method. It requires a USB flash drive with its own unique serial number. It has the concept of ‘master content’ for mass production and distribution. It can update files after distribution. It is appropriate to distribute sensitive content, which can be used just like the original with hundreds or thousands of branches or partners in the enterprise. It is recognized as a relatively secure way using software encryption.

Meanwhile, Secudrive USB Office and CAD adopts hardware encryption using an encryption chip equipped in the USB flash drive, so that it can be perfectly suitable for distributing and sharing of sensitive corporate information through USB flash drives. Since the federal government and agencies are recommending using hardware-encrypted USB flash drives, it is certainly recognized as the most secure. In addition, it is possible to freely edit MS Office files containing sensitive management information and CAD files, such as AutoCAD and CATIA containing new product drawings, under copy-protection features. Moreover, the file activity in the USB flash drive can be monitored in real time through the internet. When offline, the logs are stored in the secure area on the USB flash drive, and they can be seen when the network is connected. When the USB flash drive is lost or stolen, the data on it can be destroyed through the internet. It will be useful when sharing proprietary information in small or medium groups. Of course, it is the most expensive.

Categories
Blog USB Copy Protection

Two Ways of USB Copy Protection for Office Files

Traditionally, “copy protection” has been used to describe a technology to keep copyright of an audio/video file or software program from unauthorized copying when distributing it to mass customers. The media for distribution has mostly been a CD/DVD, a one-way medium, which is only for playing once the content is stored in it. However, a USB flash drive has also been used for copy-protection media due to high capacity and portability because of the appearance of high-density video files these days. It is possible to read/write to a USB flash drive so that there could be more possibility to implement copy-protection technology and more types of content could be distributed with more varied ways according to different purposes. Recently, Office files such as Microsoft Word, Excel and PPT have also been commonly distributed to share confidential information with coworkers out of the organization as well as employees in the organization. So, copy protection is not only for audio/video file or software program distribution anymore.

Office files that are distributed through a USB flash drive are mostly related to organizational secrets such as manuals and marketing materials so that its security should be more crucial than that of any other content. When it comes to a breach of that kind of content, it doesn’t simply mean just leakage of copyright but might negatively affect overall aspects of business, including the immediate collapse of organizational reputation. Customers feel a big difference according to which copy-protection technology is applied to handle Office files, while they rarely feel the difference even if copy-protection solutions use different technologies to handle audio/video file or software program. Therefore, the solution should be carefully chosen according to the nature of the distributed Office files.

First, most USB copy-protection solutions generally change an Office file into a PDF format file and encrypt it. Then, they make it possible to view the file through their own exclusive viewer. The nature of the PDF format is just like a still image so that the original dynamic features of MS Office, such as “comment” of MS Word, “animation” of MS Presentation and “function” of MS Excel, which are very useful to explain the multilevel meaning of content, are unavailable. According to preset users’ rights, an exclusive viewer enables or disables users’ rights such as copy, print and screen capture. This is the most common type to accomplish copy protection with MS Office file types.

Second, a new type directly controls functions of applications at the OS kernel level for copy protection. A USB flash drive stores the security policy for a user and encrypted files to distribute. When the user puts the USB flash drive into a PC to view the files, an agent is installed on the PC and then it controls the user’s rights according to the security policy saved in the USB flash drive. In this type, all original functions of MS Office can be available, while copy, print, screen capture and network transfer can be controlled according to the security policy. A user can edit, see comments in a Word file, watch PPT animation, move to different sheets and refer to a function in an Excel file. The original dynamic MS Office file without any transformation can be distributed and users can utilize all functions under tight control. The quality of the content could be kept the same as the original so that the contributor doesn’t have to think of additional things to do to distribute anymore.

Secudrive USB Copy Protection is the only solution that adopts the second method. Secudrive USB Copy Protection is a more advanced solution for the enterprise to distribute Office files containing corporate secrets to specific partners and employees, whether or not they are in the organization, while the general USB copy-protection solutions using their own exclusive viewer are for distributing read-only Office files to the general public.

Categories
Blog Device Control File Server Security Insider threats USB Sescurity

How to Prevent HIPAA Data Breach by Insiders

The most frequent cause of health data breach accidents is an insider. About half of these accidents are a result of an error by insiders while the other half are a result of wrongdoing. Obviously, we should prevent accidents by both causes. (Read: Insiders: the Most Frequent Reason for HIPAA Data Breach)

First, health data should not be stored in scattered PCs, but should be stored separately from other data in a securely reinforced storage computer. This has a decided advantage to keep not only confidentiality but also integrity and availability, which are required in the security rules of HIPAA.

A file server could be a good option, after it is reinforced with some actions, as follows. Access to and permission to edit the data should be controlled. File versioning is needed to keep data integrity against intentional alteration or deletion of the data. The data should be backed up in real time or regularly to keep data availability. And finally, the network for storage should be separated physically/logically and encrypted to protect against attack from outsiders.

Secudrive File Server makes it possible to manage users’ rights of copying, printing, screen capturing and network transferring to use files in the file server. File activity logs are monitored at a glance and stored in real time so that they could be very helpful for audits. When data is transmitted to the outside, it provides encrypted data transfer under approval by the authority. In addition, whitelisting to enable specific applications to be used in the server can protect the data against attack by ransomware.

When data needs to be taken outside using a USB flash drive, Secudrive USB could be used to prevent users from unauthorized copying, printing, screen capture or network transfer of data on the USB flash drive to others, even in an ‘out of sight’ environment. Usage logs are gathered and monitored in real time through the network. When offline, the logs are gathered in the secure zone of the USB flash drive. When it comes back to the office, an administrator can view what the user had done with the USB flash drive. If the USB flash drive is stolen or lost, the data on it can be destroyed remotely. Of course, the USB flash drive is hardware encrypted, requiring a password to see the data. Secudrive USB Management Server provides a central management environment to manage the security policy of scattered USB flash drives and to monitor their real-time usage.

Because external hard drives, USB flash drives, and smartphones can be connected to PCs through USB ports, they could be used to take data from a PC. Secudrive Device Control can block the USB ports, ensuring that only secure USB Flash drives like the Secudrive USB flash drive can be used. For a coworker off site, an access-controlled account can be made for him/her in the file server to share files. This is much more secure than using email or public cloud service to share data.

Finally, educating insiders about security should be a top priority to prevent health data breaches by insiders. Data should be classified to be kept secure and access and rights to classified data should be allocated to the right persons. Administrative works should be done and updated regularly. In the ongoing administrative process, Secudrive could be an easy and cost-effective solution for small and medium healthcare organizations to mitigate the risk of a data breach by insiders in accordance with the technical safeguards of the security rules of HIPAA.

Blogs relating to HIPAA

Data Destruction for HIPAA Compliance
Insiders: the Most Frequent Reason for HIPAA Data Breach
the Costs of Data Breaches and Violation against HIPAA
The Primary Threats to Data Breaches of Protected Healthcare Information(PHI)
The Three Safeguards of the HIPAA Security Rule Summarized

Categories
Blog Insider threats

Insiders: the Most Frequent Reason for HIPAA Data Breach

Ponemon Institute and IBM reported that the average total cost of a data breach is $4M in their study, “2016 Cost of Data Breach Study: Global Analysis,” which researched 383 companies in 12 countries, including the U.S. However, the average total cost of a health data breach could be more than that because the study said that a stolen healthcare record costs the average business $355, which is more than the twice the mean cost of $158 across all industries.

A small data breach could cause huge operational, financial and reputational damage to a healthcare organization. When a data breach occurs, the healthcare organization must have a long intensive audit by the Office for Civil Rights (OCR) and spend a lot of time and money on the resolution process to comply with the Health Insurance Portability and Accountability Act (HIPAA) regulations. The OCR will release information about the accident in the media, likely damaging the organization’s reputation. Expensive lawsuits from affected individuals can then follow.

Meanwhile, according to the Breach Barometer Report: 2016 Year in Review by Protenus, 192 out of 450 healthcare data breach accidents of 2016, which they surveyed, were caused by insiders. This means that data taken by an insider is the most frequent reason (43%) while hacking accounts for 26.8% and data simply lost/stolen accounts for 19% of all breaches. Of the 192 accidents in the report, 99 were a result of an insider-error or accident, while 91 were a result of wrongdoing. (Two could not be classified as error or wrongdoing due to lack of information.)

Protenus’s report also mentioned that it took an average of 233 days for a healthcare organization to discover they had a health data breach, however, the time to discover in cases of insider wrongdoing was more than double that – 607 days. It indicated that the main reason for taking that long is lack of money and a dedicated professional to monitor data, but another important reason is that organizations basically have taken a reactive approach to privacy monitoring: they worry about breaches to patient data only after they are brought to their attention by the affected party, allowing for inappropriate access to patient data to go unnoticed for extended periods of time, if it is detected at all. The organizations may also be informed about breaches by outside sources like the media.

Secudrive could be a good alternative for healthcare organizations to take a proactive approach to prevent data breach by insiders. Specifically, it provides an easy and cost effective way even for small and medium organizations to prevent intentional breaches by malicious insiders as well as breaches caused by an error by inadvertent insiders.

Blogs relating to HIPAA
Data Destruction for HIPAA Compliance
the Costs of Data Breaches and Violation against HIPAA
The Primary Threats to Data Breaches of Protected Healthcare Information(PHI)
The Three Safeguards of the HIPAA Security Rule Summarized