7 Steps to Securing USB Drives
by Nimrod Reichenberg - M-Systems
Personal storage devices such as USB flash drives are more powerful than ever and have become ubiquitous in the enterprise environment. Originally designed for consumer use, these devices typically lack security, control and auxiliary management tools. Many employees donít think twice about taking work home or out of the office on the personal thumb drive they purchased at a local center for office supplies. With millions of people carrying around personal storage devices, these gadgets are being used both innocently to increase productivity and for other less legitimate purposes such as smuggling information out of the enterprise.

Even when used with the best intentions, the data stored on USB drives is generally not covered by routine company procedures, such as backup, encryption, or asset management. How can companies keep track of the data coming in or leaving the company via these devices? Keeping company data secure has become a significant challenge for any corporate IT department.

Recent Incidents

Recent events in the industry have been cause for concern, leading IT professionals to understand that new policies and technologies must be set in place to protect information being stored on personal storage devices.

The following are just a few episodes that have driven the message home.

When a professor from the University of Kentucky discovered that his flash drive was stolen, private information for 6,500 former students was suddenly at risk. The data, including names, grades and Social Security numbers, left thousands of individuals exposed to the threat of identity theft, not to mention the violation of their privacy.

Flash drives with classified military information were up for sale at a bazaar outside Bagram, Afghanistan. The US Army realized they had to secure USB drives, find a way to keep track of the devices, and ensure that the information could not be accessed by unauthorized personnel.

Security Implications

When company information is stored on non-secure and personally owned devices, employees put their company at risk every time they step out the door. Auditing companies are at risk of exposing account numbers, hospitals can be exposed if patient information falls into the wrong hands, and finance companies need to ensure that mission critical data is not lost. Once company data falls into the wrong hands, the possibility of threats and risk are almost infinite. Companies lose credibility, leave themselves open to lawsuits, and expose employees to ID theft or fraudójust to name a few.

The risks from personal storage devices can be classified as follows:
  • Data exposure due to device loss or theft
  • Unauthorized data extraction
  • Introduction of malicious code.
Enterprise Concerns Regarding the Vulnerability of USB Drives


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Feb 9th