How do most data breaches happen? It’s probably no surprise that lost laptops and USB drives are the leading cause. Many offices have a security practice to deal with lost computing devices, such as encrypted drives, remote wipes, or lost-device reporting procedures. But do you have any procedures in place to keep your USB drives secure? Maybe not.
Make no mistake, USB drives are far more likely to be lost than laptops or smartphones are because of their small size, and, truth be told, their seemingly disposable nature. So how do you keep your lost USB drives from turning into a data or network intrusion? Here’s a list of twelve things you can start on today to lock down USB drives.
1. Go James Bond: Need to Know Only
By enabling USB functionality on a strictly need-to-know basis and disabling storage devices on computers that house sensitive information, you can limit exposure and reduce the risk that data is being transferred away from your office without your authorization.
2. Mission: Impossible Remote Wiping (and More)
You’ve got to make sure that those drives have a remote management option, like remote wiping or locking. You can also look into features like re-entry restrictions, disabling portable applications, and—seriously—self-destruct.
3. Tag and Bag
Use drives that provide event logging and geotagging so that the drive retains a record of which computers have used it and where they are.
4. Back It Up
Regularly backing up USB devices internally for data recovery purposes can make sure that a lost drive doesn’t also mean lost opportunity. Make sure that backup drives are safeguarded and have separate procedural controls in place for encryption keys. This is another great way to look into the data that’s being moved to and from the device.
5. Locked Down USBs
Make sure that your office only issues devices with whole-drive encryption and passphrase protection. You might also find key-code protection valuable, like iStorage devices have.
6. Enforced Scan
Make sure that all thumb drives get scanned for malware and malicious programming. Even better, allow for only signed and approved applications to run from that drive.
7. Know Your Assets
Have a count of the number of storage devices in your office. List them by owner and what they’re used for. Once you’ve done that, you can prohibit personal USB devices on any work computers or for any work use. Where possible, issue a unique serial number tagged in the firmware to an individual user. You’ll want to etch it into the outside cover as well.
8. Audit Devices
Set a schedule to make sure that your USB devices are audited regularly. What does an audit entail? For one thing, you can make sure that only those documents that comply with acceptable usage get stored. It will only take a few of these events to get everyone in the office acquainted with the seriousness of new USB policies.
9. Risk Factors
If you find that a device was lost or stolen, take a look at the latest backup data to review what might have been on that device and the potential risk that it poses. Consider your remote management options.
10. More than USB
There are more devices in your office that carry data than just USB drives. Make sure that other mobile devices, like digital cameras and SD card readers, have the same controls in place as any USB drive.
11. Test The Procedures
Test the data recovery procedures to ensure that the corporate security office is able to unlock and access any drive in the office—even if the end user or some sort of malware has disabled the device.
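The inventory and audit steps in items 1, 7 and 8 can be run as a recurring check. The script below is an added example, not part of the original article: the CSV layouts, host names, serial numbers and the 30-day threshold are all assumptions constructed for illustration.

```python
import csv, io
from datetime import datetime, timedelta

# Constructed sample data (not from the article): asset register per item 7.
INVENTORY_CSV = """serial,owner,purpose
USB-0001,alice,field backups
USB-0002,bob,client handoff
USB-0003,carol,lab transfers
"""
# Constructed connection events, e.g. exported from endpoint logging.
EVENTS_CSV = """timestamp,host,serial
2024-05-01T09:12:00,ws-sales-01,USB-0001
2024-05-02T14:30:00,ws-finance-02,USB-0002
2024-05-03T08:05:00,ws-sales-01,PERSONAL-9F3A
2024-03-01T10:00:00,ws-lab-03,USB-0003
"""
# Hosts holding sensitive data where USB storage should be disabled (item 1).
RESTRICTED_HOSTS = {"ws-finance-02"}

def audit(inventory_csv, events_csv, restricted_hosts, now, stale_days=30):
    """Return sorted (finding, serial, detail) tuples for the audit report."""
    owners = {r["serial"]: r["owner"] for r in csv.DictReader(io.StringIO(inventory_csv))}
    last_seen, findings = {}, set()
    for ev in csv.DictReader(io.StringIO(events_csv)):
        serial, host = ev["serial"].strip(), ev["host"].strip()
        when = datetime.fromisoformat(ev["timestamp"])
        if serial not in owners:
            # Personal or unknown drive: not in the asset register.
            findings.add(("unregistered", serial, host))
        else:
            last_seen[serial] = max(when, last_seen.get(serial, when))
        if host in restricted_hosts:
            # Any storage device on a need-to-know host is a policy gap.
            findings.add(("restricted-host", serial, host))
    for serial, owner in owners.items():
        seen = last_seen.get(serial)
        # Issued drive with no recent activity: confirm it is not lost.
        if seen is None or now - seen > timedelta(days=stale_days):
            findings.add(("not-seen-recently", serial, owner))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(INVENTORY_CSV, EVENTS_CSV, RESTRICTED_HOSTS, datetime(2024, 5, 10)):
        print(*finding, sep="\t")
```

Each finding maps to a follow-up: an unregistered serial goes to the personal-device policy, a restricted-host hit means storage was not actually disabled there, and a drive not seen recently should be confirmed with its owner.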
Stay Mobile and Safe!
In the office, portable and mobile drives can make the work process much easier for everyone. Keeping an eye on practices and policies helps manage looming risks.
Have you heard of an office that’s been compromised because of a lost or stolen USB drive? Would they have benefitted from using any of these rules or an unmentioned policy? Tell us about it in the comments!