IT Security & Network Security News & Reviews: USB Drive Security: 10 Tips for Guarding Enterprise Data

 
 
By Fahmida Y. Rashid  |  Posted 2012-01-18
 
 
 

Manage Authorized Devices

Device-level management software helps IT staff track who is connecting USB devices to the network, what kind of data is being transferred and when the activity is happening. If IT staff is not monitoring device activity, sensitive data can be copied and shared with unauthorized outsiders.

Manage Authorized Devices

Block Unauthorized Devices

Sometimes, there is no business reason for the user to have a USB device to read or copy data. If that's the case, just disable the port and block all devices outright. This would also take care of users bringing unauthorized drives and connecting to the computer.

Block Unauthorized Devices

Develop an Encrypted USB Plan

Develop and implement a plan before a breach occurs. The plan should cover how to secure and transport flash drives, who should have access to the data and what to do if the device is lost.

Develop an Encrypted USB Plan

Issue Company-Approved Devices

Instead of just telling employees that they should be using encrypted drives and setting passwords, provide them with authorized devices with a directive that they are the only ones that can be used. If the enterprise doesnt provide secure USBs and implement policies that allow users to be productive, employees usually find a way to work around these security systems out of necessity.

Issue Company-Approved Devices

Pick the Appropriate Level of Security

Understand the many options available that balance corporate needs for cost control, security and productivity.??íLook for the right level of security for the right price. If the organization doesn't need military-grade security, don't pay for it.

Pick the Appropriate Level of Security

User Training and Education

Make sure employees know how to use secure devices. There have been several breaches where the organization required encrypted drives, but the employee didn't use them because they were too hard. Run scenarios to teach employees the consequences of not using secured devices.

User Training and Education

Set Clear Security Policies

Setting a policy is just the first step, but its an incredibly important one. Identify who is authorized to download data onto secure drives and create a policy that limits access to only those users. Make it clear on how to obtain the drives, how they should be stored and what kind of password protection needed.

Set Clear Security Policies

Encrypt the Data

Confidential data should be encrypted before users can do anything with it, whether that's sending it over email or saving onto removable media. If the data isn't encrypted beforehand, attackers can bypass security controls and have direct access to the data.

Encrypt the Data

Secure the Endpoint

Even the most careful user can wind up connecting an infected USB device to corporate computers. Up-to-date antivirus software is critical for keeping the network safe from known and unknown threats. Scan the USB drives as soon s they are connected. For older Windows machines, make sure the patch to disable AutoRun is installed.

Secure the Endpoint

Remove Insecure Devices

A recent Ponemon Institute report found that 72 percent of employees use free drives from conferences and tradeshows, even if the organization provides "approved" devices. Those devices often can spread malware. Encourage employees to "trade in" these devices for company-authorized USB drives.

Remove Insecure Devices

Rocket Fuel