We are usually nervous when we hand over sensitive files to an employee who recently started, one who may soon quit the job, or a partner whom we have been working with for only a month. If a sensitive file contains a new product design or a proposal for a big bid that our company spent considerable money and time to develop, that file is vital for company survival. We may also be anxious when we have even a trustworthy employee, whom we have worked with for a long time, carry the file outside of the office.

We usually use a USB flash drive to manually carry files for the following reasons: 1) the data file size is too large to send via email, 2) the public cloud or a file transfer service is not as secure as our on-premises storage or service, and 3) a sender wants only the appointed person to handle the files. Thus, we send a trustworthy employee to hand-carry a USB flash drive containing crucial files to the recipient, and we pray that the files will not be breached; however, a USB flash drive is small and can easily be lost or stolen. Moreover, once the USB flash drive is carried out of the office, we cannot be assured that it will not be given, intentionally or unintentionally, to an unauthorized person.

When we ask how to protect a sensitive corporate file on a USB flash drive from being copied, many IT pros first recommend encryption. If the USB flash drive is lost or stolen, encryption can protect the content from a person who doesn’t know the password. Ordinary USB flash drives can be encrypted using USB flash drive encryption software. There are also encrypted USB flash drives with a physical keypad or an embedded encryption chip.

But what if a person who knows the password copies a file from the USB flash drive and pastes it to some unauthorized storage or gives the USB flash drive with the password to an unauthorized person?

When we ask about it, some IT professionals say, “That’s not the job of IT. HR should have hired trustworthy employees. And if you are worried about it, you can get employees’ signatures on a non-disclosure agreement (NDA) when they are hired.” Employees who were trustworthy when they were hired can change. They may develop a grudge against their boss or company, or they could get in personal financial trouble and need money. Of course, NDAs can make employees hesitate before performing any wrongdoing; however, at the decisive moment many people “forget” that they signed an NDA when they were hired. Once the data is breached, NDAs cannot save a company, and a company may be awarded significant financial damages in court that an individual cannot indemnify. Worst case scenario: a company can go out of business because of a breach in security.

Finally, someone says, “You cannot protect any file on a USB flash drive from being copied if somebody can see the file, because he or she can write down the content on paper, take photos, or record a video.” That argument implies that technology cannot protect you from a data breach. But then what about the security solutions that we are using? Those “analog attacks” are the slowest, most difficult, and least accurate ways to breach data.

Locking a door cannot completely prevent thieves from opening it without a key, but it forces them to spend more time opening or destroying the lock. That extra time could result in thieves being caught, hesitating to break in, or giving up before they attempt to break in. That is the purpose of locks. Just as we don’t leave a door open because no lock is perfect against every thief, we should not give up on technological safeguards against data breaches because we cannot protect against analog attacks.

Meanwhile, if the sensitive information can be copied by analog attacks, the information should be kept in the founder’s brain. Then that would not be a job of IT.

