Secure USB Drive

We’ve all lost things at some time in our lives – car keys, wallet, mobile phone – and have experienced the frustrations this can cause.  Some might have lost things like laptops, and had to suffer the problems of paying for a replacement, and the loss of useful information that was on the device. 

These problems are irritating, but usually don’t cause much more than minor inconvenience.  If only it was the same in the business world.  That laptop loss, or loss of a USB flash drive, could be just the first of many problems.  Does the business know what data was on that PC or thumb drive?  Did the user remember to encrypt the data?  What are the ramifications if the data falls into the wrong hands?

This article from Jon Collins, head of research company Freeform Dynamics, looks at practical, good-practice steps companies can take to minimise the fallout from device losses. 

It maps closely onto the benefits our secure USB flash drives and data management solution deliver to users – automated, transparent protection of data, the ability to track and audit what data has been copied to devices, and remote device termination.  With the right equipment, small problems will stay small.

Here are some sobering statistics from a recent US survey of IT professionals.  The leading magazine InformationWeek recently announced the findings of its State of Encryption Survey, which polled the opinions of 499 IT staff. 

Only 14% of respondents said encryption is used across their organisations, and just 38% said they encrypt data on mobile devices.  The main reason for deploying encryption (31%) was to meet regulatory requirements – and there’s a strong reason for this, as 44 US states enforce mandatory disclosure of data breaches, and such disclosure can cost organisations hundreds of thousands of dollars. Read More »

This week marks one year since the Conficker worm (known as Downadup at the time) was discovered in the wild.  As we know, it went on to become one of the biggest infections ever seen, with an estimated 12 million-plus PCs infected globally.

This interview with Eric Sites, a member of the Conficker Working Group, looks at what has happened through Conficker’s lifespan, and speculates as to who developed the worm.

Conficker has also been instrumental in driving changes to everyday computing practice.  As one of the first worms to exploit Windows Autorun and to spread via removable media, it’s forced companies to re-evaluate the way they use devices such as USB flash drives. 

It made the security sector look at providing anti-malware software to protect data on devices other than PCs – such as on our secure USB drives with onboard AV scanning.  This shows that with any problem, there is also an opportunity to improve data security.

Earlier this week, the Information Security Forum’s World Congress was held in Vancouver, Canada.  One of the keynote speakers was FBI Assistant Director of Cybersecurity, Shawn Henry.  He spoke about how the new and emerging threats against security are proving effective, and how exploiting security flaws is costing corporates in hard cash.

He also related some recent, effective hacking techniques which his department had investigated.  A key example was during a recent conference, where a malicious party left several USB memory sticks in a nearby parking area, with each device containing malware. Any conference attendee plugging the drive into their laptop to see who it belonged to “was providing egress for a potential adversary,” said Henry.

This reinforces the need for organisations to control how they allow the use of USB devices – good practice is to lock out unauthorised or personal devices, to avoid the risk of this type of hack, and to issue staff with secure USB flash drives that safeguard data against loss or theft.

A new series of licensed Star Wars character USB flash drives is now available.  The set of drives, which includes replicas of Darth Vader, Boba Fett, Imperial Stormtrooper and Yoda, are supplied in capacities from 4GB to 16GB.

While they offer sufficient storage for a huge amount of data – possibly enough even for the blueprints of the Death Star – they don’t offer any on-board protection for that data, if the drive should get lost or stolen. Read More »

Last week’s episode of the British satirical comedy, The Thick of It, showed how the concept of a major public-sector data loss has become so mainstream that it can be the subject of an entire programme.

The story was based around the accidental wiping of a large volume of citizen data within a Government department, with no backup available, and follows the frantic efforts of the department to stop the news leaking to the press. Read More »

More UK companies and Government departments than ever are reporting data losses to the Information Commissioner’s Office, the UK data watchdog, according to recent data.

Reported incidents grew nearly 100% to 356 data losses in the period between November 2008 and September 2009, compared to 190 incidents between October 2007 and November 2008.

The most common type of loss was due to stolen hardware, usually laptops, with 127 such cases.  Another 71 were due to lost hardware – usually USB flash drives – and 78 due to misaddressed discs or memory sticks. 

It’s hard to say whether the number of losses has increased, or if organisations are simply reporting more losses than in previous years.  But it’s reasonable to assume that many of these losses would not have caused problems if the data had been stored on a secure USB flash drive.

If we needed any further reminders, new data has shown that malware which exploits the Windows Autorun vulnerability accounts for more than 35% of the top 10 global infections so far this year.  This is more than double the proportion found in the second half of 2008.

The key findings from Microsoft’s Security Intelligence Report Version 7 show that the Conficker worm, along with a Trojan called Taterf which steals passwords and license keys for popular computer games, were detected on 5.21 million and 4.91 million Windows computers respectively. 

Taterf is notable in that it spreads only via Autorun, and of course Autorun is one of the vectors by which Conficker can spread. 

While our Cruzer Enterprise secure flash drives with onboard McAfee antivirus scanning are able to stop this kind of malware spreading via USB, it’s worth remembering that many other types of portable storage devices are also vulnerable to AutoRun malware.  This includes mp3 players, digital cameras and even digital picture frames. 

We suggest being cautious in allowing any unauthorised devices to be used on the corporate network, and ensuring that antivirus software and software patches are kept fully up to date.

We have posted about this a little earlier this year, but it’s worth mentioning again that the UK Information Commissioner’s Office, which is the data watchdog for the UK Government, continues to take tough measures with public sector organisations that have suffered data breaches.

Most recently, a UK healthcare organisation misplaced 3 unsecured USB flash drives with confidential patient details, and has signed an undertaking confirming that the Trust will take a number of steps to ensure personal data is kept securely.
 
The Assistant Commissioner at the ICO said: “I urge all NHS organisations to restrict and encrypt the amount of sensitive information stored on portable devices. In this case, our investigation found that there was a lack of understanding and awareness among staff of their responsibilities under the Data Protection Act.”

This is good practice, and a good argument for deploying secure USB flash drives.