As you may have seen in the news, there’s a widespread email phishing scam going on that has so far affected over 30,000 users of Hotmail, Google and Yahoo’s web mail services.  Username and password details for these accounts were posted briefly online. 

But there’s also an underlying security issue that needs attention.  Many people often use one password for multiple online applications, such as their webmail, online banking and more.  Which means if a hacker can crack one password, they may have access to many other aspects of your online life.

So it’s worth having a different, and complex, password for every online application that you want to protect.  This is easy to do with our Usecure USB flash drives, as the user interface requires that you use a complex alphanumeric password (it also gives you a handy reminder, just in case you should forget).  But it’s good practice to not use that password again!

Our Cruzer Enterprise secure USB flash drives have been further enhanced to meet the needs of government employees.  The drives have been independently tested to be waterproof under Military Standard 810-F, and the user interface has been reconfigured for better accessibility for visually-impaired users. 

The drives are certified as waterproof when immersed or in rainy conditions.

The drives are also suitable for use by the visually impaired under the requirements of Section 508 of the Rehabilitation Act of 1973, which requires federal agencies to make IT accessible to people with disabilities.  The drives’ user interface is compatible with assistive technologies such as screen reader software that recreates the Cruzer Enterprise’s GUI through text-to-speech representation or via a Braille output device.

Of course, Cruzer Enterprise drives feature industry-leading cryptographic modules and encryption algorithms, and are fully compliant with Trade Agreements Act (TAA) requirements, qualifying them under the strictest federal guidelines.  They are also the only secure USB drives listed for Common Criteria certification.

Data Leak Prevention (DLP) is a topic that always sparks debate amongst IT people, as it demands a complex mix of technology, policies and buy-in from users to make it truly effective.  This article has drawn on the opinions and experience of a number of CSOs to focuses on five technological approaches that, when used together, should offer a solid defense for data.

As well as covering key elements such as encryption, gateway protection and email filtering, it mentions that “being able to control the use of USB devices is a key requirement of a DLP solution.”

This is certainly true.  But it’s not just the usage of USB devices.  What the article fails to mention is the need to protect the data while it’s on USB pen drives, with robust and automated encryption.  After all, without this, a user could put sensitive data unprotected on an authorised USB device. 

That’s why organisations use secure flash drives like our Cruzer Enterprise range as a core part of their DLP programme, because they secure data on the move without the user having to make decisions about it.

With around 250 data breaches publicly reported in the United States between Jan. 1 and Jun. 12 this year, rogue employees and hackers were the major causes according to figures released this week by the Identity Theft Resource Center.

Theft by employees and hacking were each responsible for 18% of all incidents, an increase of around 10% compared with the same period in 2008.

The Center also found that 14% of breaches so far this year were due to data contained on lost or stolen digital media, such as a laptop or USB thumb drives.  That’s still a significant number – and all the more reason to consider using a secure USB flash drive solution, such as our Cruzer Enterprise range.

Missing or stolen USB flash drives have had a great deal of attention over the past two years.  But bigger drives can go astray too, and when they do, it can mean a truly massive data loss.

It was announced yesterday that a hard drive has been reported missing from the US National Archives, containing over 1 terabyte of sensitive data from the time of President Clinton’s administration.  Data includes the personal information of White House staff and visitors, logs of events, social gatherings, political records and more.

The drive was apparently stored in an unsecured work area, where National Archives employees were digitising information from the Clinton administration.  It’s estimated that over 100 staff had access to the area during the time period when the loss happened.  The FBI is now conducting a criminal investigation.

Mandatory hardware encryption – like that featured on our Cruzer Enterprise range of secure USB flash drives would have nullified the threat of such a loss.  As the old saying goes, the bigger they are, they harder they fall.  That applies to drive storage, too.

Torbay Care Trust, an integrated community health and adult social care organisation in the South West of England, has chosen our Cruzer Enterprise secure USB flash drives to help protect mobile data stored on the drives from unauthorized access.

The organisation has purchased and rolled out 1000 Cruzer Enterprise flash drives. The drives will be issued to and used by all staff members, in particular those employees working remotely or transferring data between sites.
 
“We decided to deploy an encrypted USB solution across the Trust as data security breaches have become a national concern,” said Sue Fankhauser, IT buyer for Torbay Care Trust. “Our IT department felt that it was necessary to employ a best-practice solution to protect data against any potential threats and to reassure the public that patient data is secured. After evaluating numerous encrypted flash drives, we chose the Cruzer Enterprise flash drive because it met all of our security requirements.
 
“We also asked SanDisk to send us the USBs without any unnecessary packaging - which they were more than happy to do. As well as being environmentally friendly, this produced no waste at our end, helping to support our eco-friendly policies.”
 
Recent data security breaches within other Government organisations have led to calls for greater data security with transportable media devices, such as data sticks, and by deploying the SanDisk drive, Torbay Care Trust feels it is setting the standard for others to follow.

With Windows 7 now being available to download, many users will be exploring and experimenting with its new features. 

One of these that’s been getting a lot of interest online is the built-in ability to encrypt removable storage devices, such as existing USB thumb drives.  While it’s good to see an operating system with integrated security features, it’s worth looking at the details of exactly how secure the method is.

While this software encryption does offer reasonable protection for data – and is certainly better than no encryption at all – it can still leave data vulnerable.  The software-based encryption used in the article is not “always on” as part of the device specifications – so the user has to remember to actively encrypt data.  Unlike the hardware encryption on our Cruzer Enterprise range of secure USB drives.

Second, hardware-based encryption does not require any type of driver or software installation on the host PC.  This keeps the encryption independent of the PC without leaving behind software footprints. 

So if you’re going to remember to encrypt every piece of sensitive information you carry on a pen drive, the Windows 7 approach is fine – but you shouldn’t rely on it for every user in an organisation.

Hay Group, a global management consultancy, is deploying Cruzer Enterprise secure USB flash drives and Central Management & Control (CMC) software to help protect confidential business and client data.

The company’s UK operation wanted to extend data security to cover USB flash drives, and add further protection for third-party data and internal files against loss or theft while its consultants are away from the office.  The company also plans to deploy SanDisk’s Central Management & Control (CMC) software to manage the lifecycle of the drives.
 
Gary Spokes, Hay Group’s data protection officer said:  “Intellectual property is our business – and clients rely on our confidentiality.  As part of our ongoing drive to improve data security, we identified the increasing use of USB memory sticks by our consultants.  We wanted a solution that kept the convenience of the drives, while ensuring data was fully protected.”
 
Hay Group UK IT manager Parminder Bharj added:  “The CMC software was a key factor for us, as it synchronizes with Active Directory to ensure adherence to our data security policies.  For example, we can ensure users can only set complex passwords, and terminate drives that are lost or stolen.  It lets users get on with their work without having to worry about data being secured.”

NHS Dumfries & Galloway, one of the largest public health service providers in Scotland, UK, has selected SanDisk’s Cruzer Enterprise USB flash drives and CMC server software, to secure confidential patient information at both the company headquarters and in 50 field offices across Dumfries and Galloway in South West Scotland.

It has deployed over 1,100 Cruzer Enterprise USB flash drives with SanDisk CMC server software to protect transfers of otherwise unencrypted, personally identifiable information in electronic format.

With data loss and theft on the rise in government agencies in the UK, in 2008 NHS Dumfries & Galloway started an initiative to implement stringent policies for safely storing patient data on PCs, laptops, PDAs and other mobile devices, to proactively manage potential security problems before they happened.

It tested and benchmarked several solutions before selecting Cruzer Enterprise USB flash drives and CMC server software.

We’re currently working with several other healthcare organisations in the UK on similar projects – watch this space for further announcements.

For more information, see the following:

Removable storage protection for Scottish health care trust

NHS Dumfries & Galloway secures patient records carried on USB memory sticks