Blog USB Sescurity

Four Basic Requirements for USB Drive Security

USB flash drives are still popular portable storage devices because they are small and have relatively large storage capacities. Data on USB flash drives are not only readable but also editable, while data on CDs/DVDs are only readable. Users can edit the data on USB flash drives anywhere and in any situation.

You can place data on a USB flash drive to keep it physically separated from the rest of the data on a laptop and minimize the effects of a data breach if you lose the laptop. You can also use data on a USB flash drive by plugging it into a computer even when you’re offline; in contrast, you can access data on the cloud only through a network, meaning you can only use it when you’re online.

Although USB flash drives have significant advantages over other storage devices, many organizations now prohibit employees from using them by blocking the USB ports on their computers. These organizations make employees use and transfer data only through their networks, through which they monitor their data activities. The reason for this prohibition is that USB flash drives are vulnerable and lack security safeguards—unlike computers, which various information-security solutions protect to prevent data breaches.

However, many organizations still use USB flash drives. Some allow employees to use them freely to increase productivity, while others allow them in special cases despite prohibiting them generally. Companies that allow USB flash drives should use ones that are safeguarded by security solutions as secure as laptops are to prevent data breaches. If the data on a USB flash drive is as important as the data on a laptop is, it is easy to understand why it is imperative to protect the drive’s data. Below, we describe basic ways to protect data on a laptop. These basic methods can also promote USB security.

First, encryption software should be installed on a laptop in case it is lost or stolen. Second, antimalware software is required to prevent malware infections. Third, data-loss-prevention software protects against unauthorized data transfers outside the office. Finally, laptops should be managed collectively and remotely. The organization should require these four basic principles of laptop data security.

Encryption. Encryption guards against data breaches in the event the device is lost or stolen. Some encryption software can encrypt general USB flash drives. Some USB flash drives include preinstalled encryption software, and others include an encryption chip or keypad. Generally, USB flash drives with encryption chips are recommended for the enterprise level of security (read about Types of Encrypted USB Flash Drives).

Anti-malware. A USB flash drive also needs anti-malware software to prevent malware infections. When a USB flash drive is plugged into a computer that malware has already infected, the malware can easily infect it as well. The infected USB flash drive can then spread the malware to other computers in the organization.

Digital Right Management. You should prevent users from taking files from your USB flash drive without your permission. You cannot monitor an unauthorized data breach if a user uses the drive outside the network; therefore, you need to prohibit user rights to copy, print, screen-capture, and network-transfer files containing sensitive data before giving the drive away. That is the only way to protect against a data breach.

Remote Management. Finally, you should remotely monitor what users do with the files on USB flash drives they borrow from you. Before you give one to a user, you should set the password, usable period, usable IP bandwidth, and user rights. When a USB flash drive is lost or stolen, you can remotely destroy its data or block access to them. When using a USB flash drive offline, you should save its usage logs and transfer them through the network when you return to online use. You should also manage user rights and usage for offline users.

Secudrive prepares its USB solutions to meet the four basic requirements for USB security. It equips all its USB flash drives with AES-256 encryption chips, so only users who know the passwords can access them, and all their files can be transparently encrypted by the chip every time a file is storing on the drive. Secudive can preinstall the Trendmicro malware module for USB security to prevent malware infection by client request. The antimalware module can automatically update when a USB flash drive connects to the Internet. Secudrive USB Office and CAD make it possible to protect users from unauthorized copying, printing, screen-capturing, and network-transferring various Office and CAD files. Finally, Secudrive USB Management Server enables administrators to manage security policies—including user rights—and monitor file-activity logs remotely.

Blog USB Sescurity

How to Protect a File on a USB Flash Drive from Being Copied

We are usually nervous when we hand over sensitive files to an employee who recently started, one who may soon quit the job, or a partner whom we have been working with for only a month. If a sensitive file contains a new product design or a proposal for a big bid that our company spent considerable money and time to develop, that file is vital for company survival. We may also be anxious when we have even a trustworthy employee, whom we have worked with for a long time, carry the file outside of the office.

We usually use a USB flash drive to manually carry files due to the following reasons: 1) the data file size is too large to send via email, 2) the public cloud or a file transfer service is not as secure as our on-premises storage or service, and 3) a sender wants only the appointed person to handle the files. Thus, we send a trustworthy employee with a USB flash drive containing crucial files to someone to manually retrieve, and we pray that the files will not be breached; however, a USB flash drive is small and can easily be lost or stolen. Moreover, we cannot be assured that a USB flash drive is not intentionally or unintentionally given to an unauthorized person when carried out of the office.

When we ask how to protect a sensitive corporate file on a USB flash drive from being copied, many IT pros first recommend encryption. An encrypted USB flash drive can protect the content—if the USB flash drive is lost or stolen—from a person who doesn’t know the password. General USB flash drives can be encrypted using USB flash drive encryption software. There are encrypted USB flash drives with a physical keypad or embedded with an encryption chip.

But what if a person who knows the password copies a file from the USB flash drive and pastes it to some unauthorized storage or gives the USB flash drive with the password to an unauthorized person?

When we ask about it, some IT professionals say, “That’s not the job of IT. HR should have hired trustworthy employees. And if you are worried about it, you can get employees’ signatures on a non-disclosure agreement (NDA) when they are hired.” Employees who were trustworthy when they were hired can change. They may develop a grudge against their boss or company, or they could get in personal financial trouble and need money. Of course, NDAs can make employees hesitate before performing any wrongdoing; however, at the decisive moment many people “forget” that they signed an NDA when they were hired. Once the data is breached, NDAs cannot save a company, and a company may be awarded significant financial damages in court that an individual cannot indemnify. Worst case scenario: a company can go out of business because of a breach in security.

Finally, someone says, “You cannot protect any file on a USB flash drive from being copied if somebody can see the file, because he or she can write down the content on paper, take photos, or record a video.” This means technology cannot protect you from a data breach. And, what about the security solutions that we are using? Those “analog attacks” are the slowest, most difficult, and most incorrect ways to breach data.

Locking a door cannot completely prohibit all thieves from opening the door without a key, but it can take more time for thieves to open or destroy the lock. The time could result in thieves being caught, hesitating to break in, or giving up before they attempt to break-in. That is the purpose of locks. Similar to how we don’t open a door because there is not a perfect lock for every thief, we should not give up on technological security safeguards for a data breach because we cannot protect from analog attacks.

Meanwhile, if the sensitive information can be copied by analog attacks, the information should be kept in the founder’s brain. Then that would not be a job of IT.

However, Secudrive USB solutions provide a clear, easy way to protect sensitive files on a USB flash drive from being copied. Secudrive USB Office and CAD edition are secure USB flash drives equipped with encryption chips. These chips make it possible for users to securely read and write Office and CAD files on the secure USB flash drive while protecting the files from being copied, printed, screen-captured, and/or network-transferred. They also record all user activity. Secudrive USB Management Server enables an administrator to manage the USB flash drives and user rights and to monitor file activity logs through the Internet.