Secure USB Drive

After being banned in November 2008, it looks likely that USB flash drives are about to be reintroduced to U.S. Defense Department computers and networks.

But there will be very strict controls on their use, to avoid future malware and security issues which caused the DoD to suspend the use of all USB memory sticks, removable storage devices and camera flash cards on all networks after a worm infection.

In a recent blog post, the CIO for the U.S. Navy, Robert Cary said Defense officials are finalising details of the new USB security policy.  Cary said in his blog that the important thing is to ensure that thumb drives used in the future cannot transfer viruses to military computers and networks.

Policies will also include practice such as authorised staff being issued with government-owned and procured secure USB drives, a ban on all personally owned flash media, and upgrades to DoD antivirus and malware detection and procedures.  These are all recommended, sensible controls to ensure network hygiene and reduced risks of data losses.

We have just announced that our Cruzer Enterprise secure USB flash drives have raised the bar for secure devices.  They are now the first and only FIPS 140-2 Level 2 USB drives to earn Common Criteria Certification.

This is an internationally recognized ISO standard (ISO/IEC 15408) used by governments and other organizations to assess the security functional requirements and security assurance requirements of technology products. With its certifications recognized in 26 countries, Common Criteria is an important global evaluation standard for security products.

The evaluation examines the entire device to certify its effectiveness in protecting the confidentiality, integrity and availability of sensitive information, and assures users that the security features of the product will perform as expected.

And speaking of performance, the Cruzer Enterprise range is also safe to use in harsh, wet environments, as it has passed environmental tests to meet Military Standard 810-F 506.4 and 512.4 when submitted to immersion and rainy conditions.  That’s a little extra reassurance that your data stays safe.

Our latest article on securing USB flash drives against malware and data loss or theft is now online here, at leading portal Global Security Magazine.

The article looks at how to stop worms such as Conficker propagating onto networks, and using USB memory sticks to spread, based on what happened to UK public sector organisation Ealing Council earlier this year.

It also covers best practice in data security and management.

With more and more entertainment content being released as ‘special edition’ USB flash drives, here are two of the more extreme examples of drive packaging that have been announced this week.

First, here’s a submachine gun-shaped drive for US rap group Get Busy Committee’s new album, released later this month.  And here’s a special edition 4GB drive for the home release of the latest Star Trek movie.

The good news is, with designs as striking as these, users are much less likely to lose them.  However, the temptation to use the huge capacities of the drives to store personal data is also strong.  Despite the novelty and the wow-factor, we would advise keeping such special drives for entertainment only, and using a secure flash drive for any business or sensitive personal data.

Personal data doesn’t get much more sensitive than an individual’s medical and health records, so it’s no surprise that the health sector has been among the leaders in adopting best practices in data security.

This article by John D. Halamka, the chairman of the American Healthcare Information Technology Standards Panel, sets out the issues and proposes a data security standard for all circumstances.

This includes mandatory encryption of data whether at rest or in transit – including the use of secure USB flash drives.  It’s well worth a read.

As you may have seen in the news, there’s a widespread email phishing scam going on that has so far affected over 30,000 users of Hotmail, Google and Yahoo’s web mail services.  Username and password details for these accounts were posted briefly online. 

But there’s also an underlying security issue that needs attention.  Many people often use one password for multiple online applications, such as their webmail, online banking and more.  Which means if a hacker can crack one password, they may have access to many other aspects of your online life.

So it’s worth having a different, and complex, password for every online application that you want to protect.  This is easy to do with our Usecure USB flash drives, as the user interface requires that you use a complex alphanumeric password (it also gives you a handy reminder, just in case you should forget).  But it’s good practice to not use that password again!

Every once in a while, someone launches a USB flash drive that we just have to blog about.  Here’s a striking one that I haven’t seen before:  a scented pendant with internal USB drive. 

If you carry your flash drive as a necklace, I guess it’s fairly secure – or at least, you’ll quickly realise if you lost it.  But adding a scent to the drive is certainly an unusual step.  I wonder what it smells of?

Of course, our secure USB flash drives have no artificial scents applied to them.  But they do keep your data safe in all circumstances – which will leave your organisation smelling of roses if one of our drives is ever misplaced or stolen.

A new large-scale malware outbreak is currently believed to have infected at least 50 of America’s Fortune 100 companies.

Over 70 variants of the malware, known as Mariposa, have been identified, with complex methods of action including email address harvesting, injecting code into known system processes, and downloading further malware onto corporate computers and networks. 

Like Conficker, this new malware can spread by multiple mechanisms, including running automatically from USB flash drives, via an Internet-based update module, and across the MSN Messenger chat network.

Also like Conficker, the exact motivation or the people behind the threat are not known.  But it’s worth checking your AV signatures are fully updated – and we would recommend the use of secure USB drives with onboard anti-malware protection, too.