written by Simon
On October 28, Daily Mirror reported a severe data breach through an unencrypted USB flash drive that was discovered by a pedestrian in the street of west London. The USB flash drive contained 2.5 GB of classified data, in the form of at least 174 documents, maps, and images. Discovering what this data detailed alarmed the authorities at Heathrow Airport, as it revealed top secret information that was critical to the UK’s national security such as Queen’s route to the airport, security patrol timetables, IDs for restricted areas, and operating manuals for Doppler radar surveillance system. The shocking details did not stop, as the USB flash drive was not even encrypted, meaning that anyone could access it without entering a password. The Metropolitan Police is seriously considering this happening as a terror threat and is currently investigating how this critical information was originally leaked out. Furthermore, the authority may have to invest a massive budget to build a new security system for Heathrow Airport, as the current system may have been already compromised and possibly leaked out to the wrong hands.
Without a doubt, this security lapse has been a hot issue in IT security industry. Right after the news broke out, Spiceworks, one of the biggest online communities for IT professionals, has been conducting a poll to find out if IT professionals or organizations prevent data leaks by encrypting data or disabling USB ports. As of November 14, the results showed that 325 of 865 respondents (38%) neither encrypt data nor disable USB ports to prevent data leaks. Among those that impose security measures, 26% disabled USB ports, 13% encrypted their data, and 18% implemented both.
Organizations that appreciate data security disable USB ports on employees’ PCs, as 44% of the respondents answered in the poll above. This security measure allows the IT administrators to monitor who transferred and worked with what data through which network, only by permitting data transfer online. However, this measure presents a shortage, as the data security still remains in doubt due to the inability of managing the file activity once the files leave the secure office premises. In response to this shortage, organizations often store the files on USB flash drives that will be given to trustworthy employees who monitor the file activity with naked eyes, ensuring that nothing gets out and the files return safely to the office premises. Additionally, organizations use USB drives in other numerous ways to store and transport data within, or outside the office premises. Therefore, USB drives are considered as the widely accepted means for data management and transport, as 51% of poll respondents do not disable USB ports or only encrypt their data.
However, is USB drive encryption or USB port restriction, or even a combination of both truly enough to achieve reliable data security standards? Are we covering all the possible fronts?
Going back to the security lapse concerning Heathrow Airport, it is beyond belief to learn that an authority that is responsible for the national security of the highest order does not use encrypted USB flash drives. However, even if they did encrypt their USB flash drives and top secret data, would this solution be sufficient to prevent data leaks in the future?
The answer is a clear no, as the risk of data leakage by an insider with the highest security clearance, who can copy and export the top secret files to the wrong hands via USB flash drives, can never be overlooked. Even worse, it is almost impossible to identify the ‘what,’ ‘who,’ and ‘when’ about the data leakage.
If you must store ‘top secret information’ on USB flash drives, they must be not only encrypted but also copy-protected. If an employee, who is carrying one or more USB flash drives with top secret information, must work with a co-worker out of office, it is imperative to restrict the employee’s right to copy, print, screen capture, and network transfer the files on the USB flash drives. Moreover, the USB drives must be configured to be only accessible via specifically permitted IPs, and the administrator must be able to monitor all activities real-time through the internet. Secudrive USB drive solutions are designed to prevent any leakage of top secret information from USB flash drives.
If you expect a potentially catastrophic result from leakage of top secret information, Secudrive USB flash drives are the perfect solution that provides infallible security with hardware encryption chip, copy-protection with digital rights management, and remote monitoring and management. Before trusting your employees or official documents like non-disclosure agreement, protecting your data from leakage, malicious or accidental, begins by establishing a robust and dependable security system that protects your confidential, top secret data from both internal and external threats.