You increasingly hear in the news of customer data being found on an employee’s lost laptop, simply because they didn’t bother to password protect folder contents. USB flash security is an even bigger concern for companies as these are even more portable than laptops and prone to being lost or stolen. Here, we’ll look at how software and hardware approaches can be used to safeguard USB files from prying eyes.
USB Flash Memory Security – The Concerns
The big concern with USB memory is that it can store vast amounts of files. There is very little to stop an employee storing customer information, source code, financial details, HR records, business plans, etc. on a disk that can be so easily taken out of the building.
The negative impact to customer loyalty, competitive plans and company reputation can be immense.
USB Flash Disk Security – Using Encryption Software
Software vendors have been quick to produce USB specific software that can be used on existing USB drives to secure information. They work by using an encryption algorithm along with a user password to encrypt the information as it is stored to USB memory.
If someone finds a lost USB drive then they may be able to scan the flash disk memory but the files will be indecipherable, so long as a secure password is used.
Suggested Software: BitLocker To Go, TrueCrypt
- Can incorporate company software to synchronize/backup data to a computer or network.
- Can be retro-fitted to existing USB memory, which reduces the cost of implementation.
- Prone to weak password issues (hackers guessing a user’s basic password). This is a danger with any data protection policy, not just USB flash security.
- Only as strong as the encryption algorithm being used.
USB Flash Disk Security – Using USB Hardware With Encryption Chips
Dedicated encryption chips have long been used to fix computer security loopholes by transparently encrypting all documents as they are stored to disk. The approach has now been applied to USB flash disks, which carry their own dedicated chips to encrypt files.
The chip can also provide additional protection by overwriting flash memory with random information if the password is incorrectly entered a set number of times. If the USB drive is lost then a person would need the password to read the USB contents and even a mechanical recovery (directly reading the memory) would not succeed as the information is encrypted in memory.
Lexar, IronKey and Edge all produce secure flash devices with chip-based USB protection.
- Can limit employees to using only these special USB disks
- High level of USB flash security/data protection can be enforced even if the user has a weak password.
- Cost of USB drives with encryption chips can be high.
- Some reported cases of encryption chip algorithms being hacked.
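The retry limit described above is what lets a hardware drive tolerate a weak password: the number of guesses is capped before the contents are destroyed. The following Python sketch is an added example, not code from any vendor named here; the `SecureDrive` class, the limit of 3 attempts, the PBKDF2 work factor and the sample password are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def stretch(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte verifier from the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class SecureDrive:
    """Hypothetical model of an encryption-chip USB drive with a retry counter."""

    def __init__(self, password: str, max_attempts: int = 3):
        self.salt = secrets.token_bytes(16)
        self.verifier = stretch(password, self.salt)
        self.data_key = secrets.token_bytes(32)            # key held by the chip
        self.flash = bytearray(secrets.token_bytes(64))    # constructed stand-in for ciphertext
        self.max_attempts = max_attempts
        self.failed = 0
        self.wiped = False

    def unlock(self, password: str):
        """Return the data key on success, None on a wrong password or after a wipe."""
        if self.wiped:
            return None
        # Count the attempt before checking it, so cutting power mid-check
        # cannot be used to get a free guess (design choice of this sketch).
        self.failed += 1
        if hmac.compare_digest(stretch(password, self.salt), self.verifier):
            self.failed = 0
            return self.data_key
        if self.failed >= self.max_attempts:
            self._wipe()
        return None

    def _wipe(self):
        # Overwrite flash and key material with random bytes.
        self.flash[:] = secrets.token_bytes(len(self.flash))
        self.data_key = secrets.token_bytes(32)
        self.verifier = secrets.token_bytes(32)
        self.wiped = True


def simulate_lost_drive(owner_password: str, wrong_guesses) -> bool:
    """Return True if the owner's password still unlocks the drive afterwards."""
    drive = SecureDrive(owner_password)
    for guess in wrong_guesses:
        drive.unlock(guess)
    return drive.unlock(owner_password) is not None
```

With a software-only container there is no such counter, since the encrypted file can be copied and guessed against indefinitely, which is why password strength matters more there.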
In Conclusion: Employees should adhere to whatever USB flash security policy their company provides and safeguard their own data where possible. Home users should also look at USB flash memory security, especially for personal information/photos that they store on these drives, and incorporate a USB backup approach (e.g. using Final Sync to synchronize USB contents to a laptop) to reduce the impact of losing the device.