Manage Authorized Devices
Manage Authorized Devices
Device-level management software helps IT staff track who is connecting USB devices to the network, what kind of data is being transferred and when the activity is happening. If IT staff is not monitoring device activity, sensitive data can be copied and shared with unauthorized outsiders.
Block Unauthorized Devices
Sometimes, there is no business reason for the user to have a USB device to read or copy data. If that's the case, just disable the port and block all devices outright. This would also take care of users bringing unauthorized drives and connecting to the computer.
Develop an Encrypted USB Plan
Develop and implement a plan before a breach occurs. The plan should cover how to secure and transport flash drives, who should have access to the data and what to do if the device is lost.
Issue Company-Approved Devices
Instead of just telling employees that they should be using encrypted drives and setting passwords, provide them with authorized devices with a directive that they are the only ones that can be used. If the enterprise doesnt provide secure USBs and implement policies that allow users to be productive, employees usually find a way to work around these security systems out of necessity.
Pick the Appropriate Level of Security
Understand the many options available that balance corporate needs for cost control, security and productivity.??ÃLook for the right level of security for the right price. If the organization doesn't need military-grade security, don't pay for it.
User Training and Education
Make sure employees know how to use secure devices. There have been several breaches where the organization required encrypted drives, but the employee didn't use them because they were too hard. Run scenarios to teach employees the consequences of not using secured devices.
Set Clear Security Policies
Setting a policy is just the first step, but its an incredibly important one. Identify who is authorized to download data onto secure drives and create a policy that limits access to only those users. Make it clear on how to obtain the drives, how they should be stored and what kind of password protection needed.
Encrypt the Data
Confidential data should be encrypted before users can do anything with it, whether that's sending it over email or saving onto removable media. If the data isn't encrypted beforehand, attackers can bypass security controls and have direct access to the data.
Secure the Endpoint
Even the most careful user can wind up connecting an infected USB device to corporate computers. Up-to-date antivirus software is critical for keeping the network safe from known and unknown threats. Scan the USB drives as soon s they are connected. For older Windows machines, make sure the patch to disable AutoRun is installed.
Remove Insecure Devices
A recent Ponemon Institute report found that 72 percent of employees use free drives from conferences and tradeshows, even if the organization provides "approved" devices. Those devices often can spread malware. Encourage employees to "trade in" these devices for company-authorized USB drives.