7 Steps to Securing USB Drives
by Nimrod Reichenberg - M-Systems
With millions of USB storage devices in the marketplace, confidential company data is constantly on the move—and simultaneously at risk to loss or theft. The potential for damage caused by the loss of sensitive company data grows exponentially every day, underlining the need for proper security measures that cover these handy mobile storage devices. The following are some of the major security concerns related to the use of these devices:
  • Data Leakage – To minimize the threat of data leakage, enterprises can start by limiting the use of USB drives to company-authorized devices.
  • Regulatory Compliance – All organizations should ensure they comply with government and security regulations—such as SOX, HIPAA, GLB, California SB and FISMA—to minimize the risk of data loss. The first step is to set clear security policies, publicize among employees and enforced through use of technology that audits, tracks and backs up all information on mobile drives.
  • Lost data and support costs – Despite security measures, data may be lost or stolen, leaving the organization in a position to minimize the damage done. Issuing company-authorized USB devices will enable the initiation of procedures to recover lost data and reduce the subsequent damage.
Possible Solutions

What can enterprises do to beef up security measures for personal storage devices? There are a number of hardware and software solutions used, ranging from data encryption to authentication, anti-virus protection, and other monitoring options.

There are a few solutions, such as blocked ports, encrypted storage devices and software encryption of data; however these solutions do not address all that is required to ensure a comprehensive secure solution for the majority of removable devices.

7 Steps to Securing Personal Storage Drives

The following steps will help your enterprise secure personal storage drives, both on and off the network.

1. Always define and publicize your company policy for personal storage devices.

2. Institute company-issued personal storage devices.

3. Make sure devices are fully encrypted.

4. Ensure that users cannot circumvent security measures.

5. Maintain an audit trail of data stored on devices.

6. Have the ability to recover data that resides on personal storage devices.

7. Make sure your enterprise solution is comprehensive enough to provide you with the ability to store information on secure USB drives, control the use of all removable devices both inside and outside the corporate environment, and centrally manage company-issued USB drives.

The value of portable storage devices in today's business environment is clear. Equally clear is the initiative corporations must take to integrate these devices with their storage and security policies. By taking the right steps, today’s enterprises can secure their data by choosing the right technology that can both secure and monitor data, developing robust policies that protect company data to comply with regulations, and ensure the use of enterprise-ready personal storage devices.


101,000 US taxpayers affected by automated attack on IRS app

The IRS has revealed more details about an attack it suffered last month, mounted by unknown individuals with the aim to file fraudulent tax returns and funnel the returned money to their own bank accounts.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Feb 10th