Secure USB Drive

Employment transition?  Involuntary methodologies?  Redundancy?  Whatever you call it, when people leave your company, they present a security risk.  And in the current economic situation, with companies reorganising, making employee lay-offs and even closing offices, it’s likely that this type of security risk is going to increase over the next year.

Employees leaving the company might take sensitive data with them, either by accident or on purpose.  They may even decide to take data (such as customer details, transaction details and more) because they’re unhappy about being let go from the company.

In any case, you need to make sure your security policies and methods are fully up to date and include what to do in the event of staff leaving.  Being unprepared could well result in breaches of security.

This article gives a good step-by-step guide to putting security procedures in place to protect your organisation against these potential risks.  Of course, issuing employees with their own centrally managed, secure USB flash drives is a key part of this:  if the drive is not handed back to IT when the employee leaves, it can be terminated remotely, to avoid the risk of data loss through this vector.

So it’s worth taking time to prepare your company’s security exit strategy.

A long-standing trojan that acts as a malware-distribution service is now infecting PCs via USB flash drives and other removable storage devices, according to anti-virus researchers.

The Virtumundo trojan, also known as Virtumonde or Vundo, is now infecting computers via Windows AutoRun, which enables files or programs to run immediately as soon as a removable media device is connected to a computer.

Although Virtumundo is primarily an adware program that displays pop-up advertisements and downloads software from remote servers, it is also capable of attaching itself to browsers and injecting fake entries into search results. It’s claimed to be one of most prolific ad/spyware threats in the wild to date.

There’s more detail on the worm here, and of course the spread of the worm can be limited by using secure flash drives with built-in anti-virus scanning.

The makers of the Downadup worm, the fastest-spreading malware in recent years, are set to trigger part of the worm’s payload on 1^st April.

The worm, also known as Kido or Conficker, spreads through network shares and via removable storage devices, such as USB thumb drives, using the AutoRun function in Windows.  With an estimated 10,000,000-plus machines infected by the worm at its peak, the worm’s authors are reportedly gearing up for the next phase of the attack.

The trojan downloaded by the worm onto infected machines is programmed to begin connecting to 50,000 different web domains on 1 April to receive updated copies or other malware, according to antivirus researchers.  This tactic is an attempt to outsmart antivirus measures, and ensure the next phase of infection has a chance of success.

So with under two weeks to go before 1^st April, our advice, and the advice from the security industry as a whole, is to apply the Microsoft patch that closes the vulnerability exploited by the worm, and update your antivirus software.  There are also free Downadup-removal tools available on the web.  Don’t be an April fool!

We have posted a couple of times about novelty USB drives, but none compares to this.  Finnish software developer Jerry Jalava lost his finger in a motorcycle accident and replaced it with a prosthetic USB drive.

The drive is a removable prosthetic which has a 2GB USB memory stick inside.  When using the drive, Jerry just leaves his finger in the USB slot.  I guess there’s not much risk of it being lost or forgotten – he’s likely to remember pretty fast when he realises one of his ‘fingers’ is missing.

Jerry’s blog is here, in which he details plans to add an RFID tag to the prosthetic.  So should we change the name from thumb drive to finger drive?  Let us know what you think.

There are currently two key threat vectors:  malware (as shown by the recent Conficker / Downadup worm which spread via USB flash drives).  The second, and most dangerous, is the risk of data loss of theft – another key vector involving thumb drives.

Several recent surveys have reported that enterprises are increasing their security budgets in 2009, to match expected increases in security issues as a result of economic uncertainty.  For example, a Ponemon Institute survey of 950 people who had lost or left their jobs during the last 12 months, found nearly 60% of them took company information, such as customer contacts, when they left.

It’s not hard to see how the data breaches of the last 18 months — lost laptops, USB drives and CDs in the public and private sector — could be overtaken by data theft by former employees made redundant in the downturn.  Where previous breaches have been accidental, they may start to turn deliberate or malicious.

All the more reason to control the use of USB thumb drives, and ensure that company-issued drives can be secured with mandatory encryption and centrally managed.  This enables tracking of data copied to drives, and remote termination of drives if necessary.

NHS Dumfries and Galloway, which provides healthcare services and promotes healthy living to nearly 150,000 people in Scotland, has recently deployed over 1,100 Cruzer Enterprise secure USB flash drives to secure confidential patient information at its headquarters and in 50 field offices in the region.

The organisation is managing the drives using the SanDisk CMC software.  The roll-out is part of a wider initiative to implement stringent policies for safely storing patient data on PCs, laptops, PDAs and other mobile devices, to proactively manage potential security problems before they happen.

The SanDisk solutions were chosen following a benchmarking process.  Graham Gault, Head of Information Management and Technology for NHS Dumfries & Galloway commented:  “I’ve been in this business a long time, and I’ve yet to see a comparable solution that centrally manages the drive’s complete lifecycle the way that SanDisk’s CMC does.”

Read more about the deployment on E-Health Insider and BBC News.

How soon will USB thumb drives be recalled to service with the US military, following the ban in November 2008?  That’s the question put by Defense News, the leading weekly magazine for defense decision makers worldwide in its recent issue.

In an article looking at the issue of USB security – to which SanDisk’s Enterprise Division contributed – the reporter finds that the ban has proven disruptive to military personnel at all levels.

Equipment maintenance teams would load digital repair manuals into thumb drives and carry thousands of pages of technical data in their pockets.  Pilots would plan missions on computers, then transfer plans to their aircraft computers by memory stick.  And all types of data — briefings, videos, maps, documents and so on — was stored, shared and transferred between PCs using these drives.

They proved themselves capable of surviving dust, water and temperature extremes in Iraq and Afghanistan, with one observer saying they were “GI proof”.

When thumb drives are reintroduced, new security safeguards are likely to include USB Port controls, mandatory encryption on thumb drives, and automatic scanning for malware.  These last two are key features of the SanDisk Cruzer Enterprise range.

A date for the reintroduction of USB pen drives is not yet set, but observers believe it will happen because of the drives’ sheer convenience.

The full article is here.

CDRlabs, the optical storage news and reviews portal, has done an extremely detailed test of Cruzer Enterprise performance, complete with a screen-by-screen guide to set up and usage.

As well as indexing key performance measures such as read / write speeds, it even looks at wear indexing and more, and compares these with two unencrypted, unsecured thumb drives.  The Cruzer Enterprise performs strongly against the competition.

The review points out that the Cruzer Enterprise supports both Macintosh and Windows computers and can be centrally managed using SanDisk’s CMC software. It concludes:  “Thankfully, this extra security didn’t have much of an impact on performance. While not as fast as some other flash drives when reading, the Cruzer Enterprise had no problems holding its own in our tests.”

The full performance test is here.