USB device security - How secure is your data?
Forensic Focus - September 2009
USB flash drives have become an increasingly popular data storage option with some devices now holding up to 132gb of data. With the increase of usage we have seen the increase of security challenges that businesses are needing to address and overcome.
A recent survey by SanDisk, a major manufacturer of USB devices, shows that large amounts of sensitive data is stored on USB devices.
Are USB flash drives a useful tool for sharing data, or a way for malicious users to bypass network security policies and put your data at risk?
- Unauthorised removal of data
- Virus introduction
- Exposure of sensitive information
Key benefits of USB device security:
- Reduced risk of data theft
- Reduced risk of data loss and/or corruption
- Enhanced controls of access to company critical data
- Promotes employee understanding
Having established the risks associated with portable storage devices, now is the time for your organisation to consider whether it should:
- Limit the use of portable data storage media and devices except with specific authority
- Automatically record the attempted connection of any and all devices to the corporate network
- Prevent MP3 players, digital cameras and mobile phones being connected to PCs
- Automatically encrypt all data carried outside the network on portable devices
- Amend definitions of ‘misconduct’ within appropriate HR policies to reflect the new issues facing organisations as a result of these lifestyle devices
Tips for combating unauthorised USB devices
There are a number of countermeasures that can help to reduce, but will never eliminate, the risk of using USB storage devices. These include:
- Disabling the USB and FireWire ports on each computer.
- Introducing encryption technology to protect intellectual property and other data against disclosure on
misplaced or stolen USB devices. If the data does leak out of your organisation no unauthorised person will be able to read it.
- Using portable storage devices that feature strong authentication as well as data encryption. SanDisk,
Kingston Technology, Lexar and IronKey all produce thumb drives like this.
- Having your IT staff use features within the computer operating system to control access to USB ports and devices.