USB Flash Drives a Security Threat?

Progress in new technology, driven by the fall in NAND flash prices, has led to a number of small devices that can hold a significant amount of data. The device that epitomises all of these is the USB Flash Drive. In 1999 a 16MB USB Flash Drive cost £50; now a 4GB USB Flash Drive costs only £10.

USB Flash Drives have been a great friend to businesses over the last few years, making it quick and easy to transfer data from one machine to another and to carry work home to finish without needing to haul around a heavy laptop. However, with flash drives able to hold ever-growing amounts of data and transfer it faster than ever, some companies now regard USB flash drives as one of their biggest threats to security.

The use of USB Flash Drives in business poses three categories of risk: the contraction of a computer virus, the loss of data and the theft of data. All three of these are serious: a computer virus could totally wipe out a company’s IT infrastructure and delete its most important files, and if the company hasn’t an effective data backup this could ruin it; if a company holds sensitive information and loses it, the company could be found to have broken the DPA and could be fined a crippling sum of money, not to mention the damage to its reputation; and if a salesperson walks out with your entire client database and gives it to his new firm, you’re going to lose at least a few customers.

Fortunately, there are some solutions that reduce the chances of a business becoming a victim of one of the sad situations mentioned above.

 

1. Removal of USB ports – The removal of USB ports is a rather severe reaction to this potential threat and is often difficult to implement in practice: a lot of firms use USB ports for their mice and keyboards, and these would all have to be changed.

2. Encryption of USB Drives – Encryption on USB Flash Drives can take one of two forms: hardware encryption or software encryption. Forms of hardware encryption may include only allowing access to the USB Flash Drive after the user has authenticated using a password, encryption certificate or biometric authentication (most commonly fingerprint recognition but sometimes also retina recognition). The encryption of storage media can also be managed via software; two examples are Microsoft’s Active Directory and Novell’s eDirectory, both of which can be set up to use certificates to encrypt data held on USB Flash Drives.

3. Restrict access to important files on critical servers – As with all company information, access should be given on a need-to-know basis and taken away from employees as soon as they no longer need it: if you’re going to give someone their notice, is it worth letting them have access while they sit it out?

4. Monitor access of company employees to sensitive files – Just because your employees have access to the data doesn’t mean they have any right to do with it as they please. Monitoring their behaviour with sensitive data is the best way to spot any unusual pattern and can give you time to act and stop any possible data leaks.

5. Limit size of data transferred to USB drives – Data transfer restriction software can be used to protect sensitive files by capping the size of files that can be copied to a USB Flash Drive. The file size limit simply needs to be set to the size of the smallest sensitive file.

6. Enforce USB Flash Drive policies – Enforcing USB Flash Drive policies can go a long way to reducing the risk of accidental loss of data, although policies alone aren’t likely to stop a disgruntled employee from doing damage. Here are some policies you might want to consider: USB Flash Drives should only be used for data transfer and not storage. Data should not be on USB Flash Drives for over a week. Data should not be transferred to USB flash drives without prior consent from a manager.

7. Firewalls and antivirus – Viruses can be contracted from USB Flash Drives just as they can be contracted from any other type of media. To keep yourself safe, make sure you have the latest updates installed for whichever antivirus software you use.
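
The size cap in item 5 and the one-week rule in item 6 can both be checked mechanically. The Python sketch below is an added example, not part of the original article or any product it mentions: it derives the cap from a list of sensitive files and audits a mounted drive against both rules. The function names, the sample files and the use of file modification time as a stand-in for "time on the drive" are assumptions.

```python
import os
import tempfile
import time
from pathlib import Path

MAX_AGE_DAYS = 7  # item 6: data should not be on a drive for over a week


def size_cap(sensitive_files):
    """Item 5: the cap is the size in bytes of the smallest sensitive file."""
    return min(Path(p).stat().st_size for p in sensitive_files)


def copy_allowed(src, cap):
    """Refuse any file at or above the cap, so no listed sensitive file passes."""
    return Path(src).stat().st_size < cap


def audit_drive(mount_point, cap, now=None):
    """Return sorted (path, reason) pairs for files on the drive that break a rule."""
    now = time.time() if now is None else now
    findings = []
    for root, _dirs, names in os.walk(mount_point):
        for name in names:
            path = Path(root) / name
            info = path.stat()
            if info.st_size >= cap:
                findings.append((str(path), "size at or above cap"))
            # Assumption: mtime approximates when the file landed on the drive.
            if now - info.st_mtime > MAX_AGE_DAYS * 86400:
                findings.append((str(path), "on drive for over a week"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample data: two "sensitive" files and a folder acting as the drive.
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        (tmp / "clients.db").write_bytes(b"x" * 4096)
        (tmp / "payroll.xls").write_bytes(b"x" * 2048)
        drive = tmp / "usb"
        drive.mkdir()
        (drive / "notes.txt").write_bytes(b"x" * 100)
        (drive / "export.bin").write_bytes(b"x" * 3000)
        old = time.time() - 10 * 86400
        os.utime(drive / "notes.txt", (old, old))  # pretend it is ten days old
        cap = size_cap([tmp / "clients.db", tmp / "payroll.xls"])
        print("cap:", cap, "bytes")
        for path, reason in audit_drive(drive, cap):
            print(path, "-", reason)
```

The cap is only as good as the inventory of sensitive files it is derived from, and files below the cap are not inspected at all, so this complements the monitoring in item 4 and does not replace it.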

Although the removal of USB ports is the only 100% certain way of making sure USB flash drives pose you no risk, it is not a solution: the benefits of USB flash drives are vast, and getting rid of them would be a step back for computing. By being vigilant about the behaviour of business staff and using one or more of the security solutions mentioned above, you can protect yourself from flash drive misuse but still benefit from their versatility.