Secure USB Drive

The Chief Technology Officer (CTO) for the State of Michigan, Dan Lohrmann, recently gave this revealing interview. 

In it, he mentioned that the state has cut its overall IT spend by around 20% to $400 million per year.  However, spending on IT security has doubled in the last five years.  Also, when asked specifically about the risks of USB flash drives for data loss and introducing malware, Lohrmann commented:
 
“Certainly, data loss prevention.  It doesn’t necessarily mean it is intentional, but it is the insider threat. People think they are doing the right thing by bringing a Word document home with them - maybe that has some sensitive information on it - and use a home PC; they can certainly bring a virus back into the enterprise. We do have some protection mechanisms in place on devices to look for endpoint viruses and things.”

It’s good to see this strong awareness of the need to protect mobile data is out there at the highest levels.  Hopefully we see data losses and leaks finally starting to diminish this year.

With over 150 million flash drives sold worldwide last year, according to analyst Gartner, there’s an incredible amount of unsecured information being carried around in people’s pockets, bags, briefcases and cars.

And even if users think they are being safe by regularly deleting old files from their ordinary USB sticks, they are not.  In a similar way to a conventional hard disk, deleting a file does not mean it has gone forever.

In fact, all that has happened is that it has been hidden.  The delete function merely erases the reference to the file in the FAT (file allocation table) on the drive.  The file and data are still there, and by using FAT data recovery or repair tools, those “deleted” files can be easily found again.

It’s another good reason to deploy and use truly secure USB flash drives, like our Cruzer Enterprise, which keeps ALL data on them secured against unauthorised access and use, at all times.

With around 250 data breaches publicly reported in the United States between Jan. 1 and Jun. 12 this year, rogue employees and hackers were the major causes according to figures released this week by the Identity Theft Resource Center.

Theft by employees and hacking were each responsible for 18% of all incidents, an increase of around 10% compared with the same period in 2008.

The Center also found that 14% of breaches so far this year were due to data contained on lost or stolen digital media, such as a laptop or USB thumb drives.  That’s still a significant number – and all the more reason to consider using a secure USB flash drive solution, such as our Cruzer Enterprise range.

This entry in the TrustedSource blog of SanDisk’s anti-virus partner, McAfee, talks about the continued rise of malware which exploits the Windows AutoRun feature to replicate onto removable media, such as USB thumb drives

Of course, our Cruzer Enterprise flash drives with onboard McAfee antivirus scanning are able to stop this kind of malware spreading.  But the blog entry makes the worthwhile point that other types of portable storage devices are also vulnerable to AutoRun worms, not just pen drives.

mp3 players, digital cameras and even digital picture frames are vulnerable, and what’s more, are just as likely as a thumb drive to be used in multiple machines — helping to spread the worm further. 

The message is, be careful when using any USB device – and keep your antivirus software up to date.

A new data security survey has been released, polling the opinions of nearly 1000 IT professionals on their data security practices and habits.

At first reading, it looked to be following the same approach as many previous surveys, pointing the finger of blame at users for causing security breaches by copying confidential company data to USB flash drives. 

As we have discussed on this blog before, it’s all too easy to blame users, when the company should share equal blame for not helping to make security easy for individuals – for example by deploying secure pen drives to all users.

However, on reading further, the survey takes a more balanced view.  57% of the survey sample blamed their companies for ineffective data security policies, and 58% said they were not provided with enough data-security-related training. 

It’s good to see signs that the awareness of the true causes of data losses is growing.  Securing against leaks needs a combination of policies, and products to enforce them.  As we have said before, the sooner we can stop the blame game and work together to improve security, the better.

We often see newsflashes telling us about the latest data breach, caused by a lost thumb drive or stolen laptop.  But what happens after the initial loss?  What are the ramifications and the fall-out?

This article shows what happened after a loss of very sensitive data in August 2008, when an employee of IT contractor PA Consulting lost a USB flash drive with the details of all the UK’s 84,000 prisoners.

The contractor was working for the UK Government’s Home Office and human error led to the stick and the unencrypted data being misplaced.  The employee immediately told supervisors, who then told the UK Ministry of Justice (MoJ) and the Home Office.  Although police were brought in to search the offices and the employee’s home and car for the missing memory stick, it was never found.

The unhappy result was, the contractor lost its contract, and the employee’s and line managers’ jobs were lost too.  Home Office staff are now advised not to use flash drives.  All for a single data loss. 

The fact is, it’s impossible to stop devices getting lost or stolen.  But the risk can be mitigated – and the extensive, unpleasant fall-out stopped – by enforcing encryption on these devices.

Here’s a useful article offering business travellers useful tips on how to secure their data when they are travelling.  It covers practical and safe methods to safeguard information on laptops, smartphones and removable storage media in airports and other areas where devices are easily lost or stolen.

However, one recommendation that demands caution is the advice to use free encryption software to protect data on laptop hard drives, USB flash drives and so on.

As we’ve posted here before, this approach gives a fair level of protection for data and is better than no encryption at all.  But it’s worth noting its shortcomings:  such software-based encryption is not “always on” – so the user has to remember to actively encrypt data.  Unlike the hardware encryption on our Cruzer Enterprise range of secure drives.

With a true secure USB flash drive, you don’t have to worry whether the data you’re packing is encrypted.

Following last Friday’s announcement by President Obama of his plan to stop cyberthreats, it was perhaps inevitable that someone would introduce a Barack Obama USB drive.

And here it is.  The 2GB USB drive has a hologram of Obama’s face on its front cover, with the drive rotating out from the side.  The drive is also pre-loaded with some of President Obama’s most famous speeches, including his inaugural address. 

Unfortunately, despite his recent address about national data security, the drive is not encrypted

Network Products Guide, an industry-leading publication on information technologies and solutions, has named the Cruzer Enterprise with McAfee as a winner of its 2009 Product Innovation Awards, in the Portable Media category.

These awards recognize vendors whose innovative products bring essential changes to the information technology industry.  The Cruzer Enterprise with McAfee, introduced in October 2008, was the first USB security solution with onboard anti-virus scanning, protecting against worms, viruses and trojans that spread via removable storage media.

This capability is now a key element in endpoint and network security, thanks to the growth in malware which spreads via removable storage, including the Downadup / Conficker worm.

When President Obama laid out his ambitious plan to thwart cyberthreats on Friday, he recognised what many have known for a long time – data and networks can be used as weapons against a nation’s security if they are not properly protected.

In his Friday address, he specifically mentioned the 2008 infection of Department of Defense computers by malware, which originated from an infected USB flash drive.

President Obama said:  “In one of the most serious cyber incidents to date against our military networks, several thousand computers were infected last year by malicious software — malware. And while no sensitive information was compromised, our troops and defense personnel had to give up those external memory devices — thumb drives — changing the way they used their computers every day.”

As posted on this blog last year, the spread of malware via USB sticks is easily stemmed by using secure flash drives with onboard anti-malware, such as our Cruzer Enterprise range.  Some aspects of the battle to secure data and networks will be long and difficult.  However, when it comes to securing data on pen drives, it should be a very quick win.