Four Basic Requirements for USB Security
written by Simon
USB flash drives are still popular portable storage devices because they are small and have relatively large storage capacities. Data on USB flash drives are not only readable but also editable, while data on CDs/DVDs are only readable. Users can edit the data on USB flash drives anywhere and in any situation.
You can place data on a USB flash drive to keep it physically separated from the rest of the data on a laptop and minimize the effects of a data breach if you lose the laptop. You can also use data on a USB flash drive by plugging it into a computer even when you’re offline; in contrast, you can access data on the cloud only through a network, meaning you can only use it when you’re online.
Although USB flash drives have significant advantages over other storage devices, many organizations now prohibit employees from using them by blocking the USB ports on their computers. These organizations make employees use and transfer data only through their networks, through which they monitor their data activities. The reason for this prohibition is that USB flash drives are vulnerable and lack security safeguards—unlike computers, which various information-security solutions protect to prevent data breaches.
However, many organizations still use USB flash drives. Some allow employees to use them freely to increase productivity, while others allow them in special cases despite prohibiting them generally. Companies that allow USB flash drives should use ones that are safeguarded by security solutions as secure as laptops are to prevent data breaches. If the data on a USB flash drive is as important as the data on a laptop is, it is easy to understand why it is imperative to protect the drive’s data. Below, we describe basic ways to protect data on a laptop. These basic methods can also promote USB security.
First, encryption software should be installed on a laptop in case it is lost or stolen. Second, antimalware software is required to prevent malware infections. Third, data-loss-prevention software protects against unauthorized data transfers outside the office. Finally, laptops should be managed collectively and remotely. The organization should require these four basic principles of laptop data security.
Encryption guards against data breaches in the event the device is lost or stolen. Some encryption software can encrypt general USB flash drives. Some USB flash drives include preinstalled encryption software, and others include an encryption chip or keypad. Generally, USB flash drives with encryption chips are recommended for the enterprise level of security (read about Types of Encrypted USB Flash Drives).
A USB flash drive also needs anti-malware software to prevent malware infections. When a USB flash drive is plugged into a computer that malware has already infected, the malware can easily infect it as well. The infected USB flash drive can then spread the malware to other computers in the organization.
You should prevent users from taking files from your USB flash drive without your permission. You cannot monitor an unauthorized data breach if a user uses the drive outside the network; therefore, you need to prohibit user rights to copy, print, screen-capture, and network-transfer files containing sensitive data before giving the drive away. That is the only way to protect against data breach.
Finally, you should remotely monitor what users do with the files on USB flash drives they borrow from you. Before you give one to a user, you should set the password, usable period, usable IP bandwidth, and user rights. When a USB flash drive is lost or stolen, you can remotely destroy its data or block access to them. When using a USB flash drive offline, you should save its usage logs and transfer them through the network when you return to online use. You should also manage user rights and usage for offline users.
Secudrive prepares its USB solutions to meet the four basic requirements for USB security. It equips all its USB flash drives with AES-256 encryption chips, so only users who know the passwords can access them, and all their files can be transparently encrypted by the chip every time a file is storing on the drive. Secudive can preinstall the Trendmicro malware module for USB security to prevent malware infection by client request. The antimalware module can automatically update when a USB flash drive connects to the Internet. Secudrive USB Office and Secudrive USB CAD make it possible to protect users from unauthorized copying, printing, screen-capturing, and network-transferring various Office and CAD files. Finally, Secudrive USB Management Server enables administrators to manage security policies—including user rights—and monitor file-activity logs remotely.