Request A Quote
January 3, 2013 in Insights

11 Tips to Keep Your USB Drives Safe

How do most data breaches happen?  It’s probably no surprise that lost laptops and USB drives are the leading cause.  Many offices have a security practice to deal with lost computing devices, such as encrypted drives, remote wipes, or lost-and-reporting procedures.  But do you have any procedures put together to keep your USB drives secure?  Maybe not. Make no mistake, USB drives are far more likely to be lost than laptops or smartphones are because of their small size, and, truth be told, their seemingly disposable nature.  So how do you keep your lost USB drives from turning into a data or network intrusion?  Here’s a list of twelve things you can start on today to lock down USB drives.

1. Go James Bond: Need to Know Only

James Bond Need to Know Only By enabling USB functionality on a strictly need-to-know basis and disabling storage devices on computers that house sensitive information, you can limit exposure and reduce the risk that data is being transferred away from your office without your authorization.

2. Mission: Impossible Remote Wiping (and More)

Mission Impossible Remote Wiping You’ve got to make sure that those drives have a remote management option, like remote wiping or locking.  You can also look into features like re-entry restrictions, disabling portable applications, and—seriously—self-destruct.

3. Tag and Bag

Tea and Bag Use drives that provide event logging and geotagging so that the drive retains which computers have used it and where they are.

4. Back It Up

Back It Up Regularly backing up USB devices internally for data recovery purposes can make sure that a lost drive doesn’t also mean lost opportunity.  Make sure that backup drives are safeguarded and have separate procedures controls in place for encryption keys.  This is another great way to look into the data that’s being moved to and from the device.

5. Locked Down USBs

Locked Down USB - iStorage USB Device Make sure that your office is only issued devices with whole-drive encryption and passphrase protection.  You might also find it valuable for key-code protection, like iStorage devices have.

6. Enforced Scan

Enforced Scan Make sure that all thumb drives get scanned for malware and malicious programming.  Even better, allow for only signed and approved applications to run from that drive.

7. Know Your Assets

Know Your Assets Pile USB Drives Have a count of the number of storage devices in your office.  List them by owner and what they’re used for.  Once you’ve down that, you can prohibit personal USB devices on any work computers or for any work use.  Where possible, issue a unique serial number tagged in the firmware to an individual user.  You’ll want to etch it into the outside cover as well.

8. Audit Devices

Audit USB Device Set a schedule to make sure that your USB devices are audited regularly.  What does an audit entail?  For one thing, you can make sure that only those documents that comply with acceptable usage get stored.  It will only take a few of these events to get everyone in the office acquainted with the seriousness of new USB policies.

9. Risk Factors

Risk Factors - Man Hacking USB Drive If you find that a device was lost or stolen, take a look at the latest backup data to review what might have been on that device and the potential risk that it poses.  Consider your remote management options.

10. More than USB

More Than USB - All Mobile Devices There are more devices in your office that carry data than just USB drives.  Make sure that other mobile devices, like digital cameras and SD card readers have the same controls in place as any USB drive.

11. Test The Procedures

Test The Procedures Test the data recovery procedures to ensure that the corporate security office is able to unlock and access any drive in the office—even if the end user or some sort of malware has disabled the device.

Stay Mobile and Safe!

In the office, portable and mobile drives can make the work process much easier for everyone.  Keeping an eye on the practices and policies manage looming risks. Have you heard of an office that’s been compromised because of a lost or stolen USB drive?  Would they have benefitted from using any of these rules or an unmentioned policy?  Tell us about it in the comments! You Might Also Like…

Leave a Reply

Your email address will not be published. Required fields are marked *

By browsing this website, you agree to our privacy policy.
I Agree