
How-to: Secure those USB Sticks


How often do you scan your USB flash memory sticks for malware and viruses?

A little post we found on a supplier’s blog reminded us just how ubiquitous USB sticks have become: the equivalent of the old-fashioned ‘sneaker-net’ in the days before networks, when we used to copy things onto a floppy disk and walk it across the office.

“For years, people have used USB sticks to back up their files on an external device. Through doing this they have felt that their files were safe and secure, but they were wrong. Unknowingly they have been exposing their companies to a potential security disaster.”

Given that the virus that hit the Iranian nuclear programme was allegedly propagated via USB stick, this is not a problem to be ignored.

How often have you used these devices to save important documents, or to move them to different parts of your organisation without permission or any form of data protection, with the possibility that the files could become corrupted, be infected with malware, or even be stolen when you leave the USB stick in a cafe?

“A study done on behalf of Kingston Technology, polling 450 IT staff in the UK from a global total of 3,000, found that 73% of experienced staff used USB drives without permission, with 72% not mentioning if the data was corrupted or lost. Of the whole group, only half even thought to employ some form of security policy to these devices or showed adequate awareness of risk with these devices.”

Don’t ignore the standard security protocols you would normally follow. Ondrej Krehel, of security company Identity Theft 911, earlier this year gave “Twelve Security Best Practices for USB Drives”:

  1. Enable USB functionality on a need-to-have basis. Disable storage devices on computers with access to sensitive information. It will limit exposure and reduce the risk of unauthorized data being transferred away from your organization.
  2. If your business needs USB drives, issue devices that provide whole drive encryption and are passphrase protected.
  3. Make sure those drives have remote management options, such as remote wipe or remote lock. Drives like those from IronKey have remote administration tools that also enforce strong passwords, have strict re-entry limits, disable portable applications and, believe it or not, even self-destruct.
  4. Look for drives that provide event logging and geo-tagging, so information on what computer, and where, is retained on every use.
  5. Enforce USB scanning on all corporate computers whenever a thumb drive is plugged in. This can help ensure no malware or malicious programs are on the drive. Allow only corporate signed and approved applications to be run from the drive.
  6. Regularly audit USB devices to ensure that only documents in compliance with acceptable usage are being stored. This is a snatch and scan. It only takes a few of these kinds of trips around the office before everyone is very aware of the seriousness of the new USB policy.
  7. Perform regular backups of USB devices internally, including encryption keys, for data recovery purposes. Ensure that backups are properly safeguarded, and have separate procedures and security controls for backup of encryption keys. It’s also another excellent way to monitor what information is being moved to and from the device.
  8. Test data recovery procedures to ensure that the corporate security office can unlock and access any USB drive, even if an end user or malware maliciously disables the USB drive.
  9. Ensure that mobile devices with USB storage cards—such as digital cameras and SD Card readers—have the same controls as any USB drive.
  10. If possible, issue USB devices with unique serial numbers tagged in the firmware, as well as etched on the outside cover.
  11. Know your assets. Have a precise count of the USB devices at your organization. List them by owner and use. Ban use of all personal USB devices, without question, on any work computers or for any work use.
  12. If a USB device is lost, take a look at that latest secure backup to review what was lost and the potential risk. Consider recovering the drive through those geotagging features or wiping, or destroying the device with remote administration tools.
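
Items 10 and 11 only work if every drive that gets plugged in is checked against the asset register by serial number. The sketch below is an added example, not part of the original post or of Krehel's list: it audits Linux kernel USB messages against an inventory, and the inventory, the log sample and the `audit` function are all constructed for illustration.

```python
import re

# Constructed asset register (item 11): serial -> (owner, use). Sample values only.
INVENTORY = {
    "AA11BB22CC33": ("j.doe", "field backups"),
    "DD44EE55FF66": ("finance-team", "audit transfers"),
}

# Constructed sample of Linux kernel USB log lines; not taken from a real host.
SAMPLE_LOG = """\
[ 101.10] usb 1-2: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
[ 101.11] usb 1-2: SerialNumber: AA11BB22CC33
[ 101.12] usb-storage 1-2:1.0: USB Mass Storage device detected
[ 250.40] usb 1-3: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
[ 250.41] usb 1-3: SerialNumber: 9988776655
[ 250.42] usb-storage 1-3:1.0: USB Mass Storage device detected
[ 300.00] usb 1-4: New USB device found, idVendor=046d, idProduct=c077, bcdDevice=72.00
[ 410.70] usb 2-1: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 1.00
[ 410.72] usb-storage 2-1:1.0: USB Mass Storage device detected
"""

FOUND = re.compile(r"usb (\S+): New USB device found, idVendor=(\w+), idProduct=(\w+)")
SERIAL = re.compile(r"usb (\S+): SerialNumber: (\S+)")
STORAGE = re.compile(r"usb-storage (\S+?):\S+ USB Mass Storage device detected")

def audit(log_text, inventory):
    """Return one finding per mass-storage attach: approved, unregistered or no-serial."""
    pending = {}   # bus port -> details of the device currently enumerating
    findings = []
    for line in log_text.splitlines():
        if m := FOUND.search(line):
            pending[m[1]] = {"port": m[1], "vid_pid": f"{m[2]}:{m[3]}", "serial": None}
        elif m := SERIAL.search(line):
            pending.setdefault(m[1], {"port": m[1], "vid_pid": "?", "serial": None})["serial"] = m[2]
        elif m := STORAGE.search(line):
            # Only storage devices are reported; keyboards and mice never reach this branch.
            dev = pending.pop(m[1], {"port": m[1], "vid_pid": "?", "serial": None})
            if dev["serial"] is None:
                dev["status"], dev["owner"] = "no-serial", None   # cannot be tied to the register
            elif dev["serial"] in inventory:
                dev["status"], dev["owner"] = "approved", inventory[dev["serial"]][0]
            else:
                dev["status"], dev["owner"] = "unregistered", None  # personal or unknown drive
            findings.append(dev)
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG, INVENTORY):
        print(f"{f['port']:4} {f['vid_pid']:10} {f['serial'] or '-':14} {f['status']:13} {f['owner'] or ''}")
```

Drives reported as `no-serial` deserve the same follow-up as `unregistered` ones, since a device without a readable serial cannot be matched to an owner at all.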

For the ordinary user like you and me, this can seem like a right royal pain in day-to-day use; it is. But the peace-of-mind and extra data security it gives you will be immeasurable on the day that one of those handy little memory sticks goes missing! AJS

Image credit: USB Flash Drive by TEL0000, licensed Creative Commons, Wikimedia Commons

About Allan J. Smithie

Allan J. Smithie is a journalist and commentator based in Dubai.

Discussion

6 thoughts on “How-to: Secure those USB Sticks”

  1. Nothing like unsecured USB access to blow your security into the ether.

    Posted by J. Blekloshis | May 1, 2012, 3:53 am
  2. You made a number of beneficial points there.

    Posted by Duchaine | May 29, 2012, 2:29 am
  3. Increasing theft, vandalism and break-ins have resulted in most of us getting paranoid about the safety of our office. This increasing trend has snatched the peace of mind. I’m sure you’re wondering what you could do to restore that peace of mind. Simple: lock down PCs with Windows group policy and disable USB ports.

    Posted by Maneesh | June 4, 2012, 6:46 pm
  4. thanks for the information.

    Posted by Cecim Martinez | August 31, 2012, 1:09 pm
