Preventing A Major Attack
Encrypted USB Storage drives help minimize cyber security risks
- By Ruben Lugo
- January 01, 2018
It is probably safe to say USB thumb drives are as ubiquitous on a
college campus as tablets, laptops and textbooks. Not only are
students and faculty using them, so are staff MEMBERS in admissions,
financial aid, accounting, the health center, the security
office and virtually every other department connected to the institution.
If – when – data stored on these drives ends up in the wrong
hands, public trust can be lost, students and faculty are put at risk, and
the school can find itself in the middle of a major PR headache.
Many USB thumb drives being used on campuses today could be
generously classified as BYOD (bring your own device) that are probably
unencrypted, recently purchased at the checkout counter of a
local retail store and more than likely inexpensive. Worst of all, BYODs
can be infected with malware and viruses that can adversely affect the
entire college network.
But wait, there’s more depressing news. Every year, an alarming 20
million unprotected USB drives are lost, stolen, misplaced or forgotten
about. Is it any wonder security risks associated with the use of unencrypted,
removable USB storage devices are a major concern?
Despite these risks, USB thumb drives – as well as other removable
storage – have the undeniable utility of being small, portable and relatively
inexpensive. They are extremely useful for data transfers between
computers, including operating system patches and antivirus updates.
Secure, encrypted USB flash drives are an essential pillar of a comprehensive
data-loss prevention (DLP) strategy. The most effective are
drives where the security is implemented in the device’s hardware in
order to combat ever-evolving threats.
A patent-protected hardware-centric/software-free encryption
approach to data security is the best defense against data loss, as it
eliminates the most commonly used attack routes. This same software-
free method also provides complete cross-platform compatibility
with any OS or embedded equipment possessing a USB port and
file storage system.
NEW EU REGULATION IMPACTS U.S. COLLEGE CAMPUSES
After a two-year phase-in period, 2018 marks the complete implementation
and strict enforcement of a new European Union regulation that aims to strengthen data protection rights for individuals within the
EU. Named the General Data Protection Regulation (EU GDPR), it
replaces a 1995 directive and aims to future-proof data protection in
the EU and to non-EU organizations that process data of EU residents.
It may not be apparent at first mention as to why or how this affects
American colleges, universities and any institution of higher learning.
But consider European students coming to America to study, research
projects between American institutions and their counterparts in
Europe, and any other exchange of data or information between students,
faculties and schools in the two sectors. From 2018 forward,
they will need to use state-of-the-art security to protect personal data.
In case of a data breach, schools will face fines of up to 4 percent of
their annual global revenue or $21,952 million and must inform their
national supervisory authority.
The average cost of a data breach has increased by 23 percent since
2013. The average cost of a data breach for large organizations in the
EU is 3.7 million Euros and $7 million in the U.S. Education is one of
the three highest cost sectors.
Here are five steps colleges can take to protect themselves and
become GDPR compliant:
- Understand the new regulation and what it means.
- Understand who uses and has access to data.
- Define strategy for data on the move.
- Consider hardware encryption and endpoint-management options.
- Ensure students, faculty and staff are aware of the GDPR and bestpractice
data protection policies.
Students, faculty and administrative staff carrying data out of the
classroom or office increase the risk of data being compromised. This
leaves the institution open to hefty fines, recovery costs and a potential
public relations disaster. Remember, this applies to data you not only
need to protect but want to protect.
Encryption is the best way to be safe. A device such as the Kingston
encrypted USB or its high-end IronKey encrypted USB 3.0 flash drive
minimizes the risks of moving data on USB drives and ensures critical
and sensitive data is protected.
WHY ENCRYPTION IS IMPORTANT
If a USB is lost or stolen and the data on it is encrypted then this is a
security breach, not a data breach, and may not have to be reported.
Kingston encrypted and its IronKey encrypted USB 3.0 flash drives
help meet stringent requirements (including the new EU GDPR) for
data security while allowing students and school departments to do
their assignments or jobs more efficiently. With its completely selfcontained
authentication and encryption processes, all critical security
parameters take place within the drive itself and are never shared with
its USB host. Kingston’s unique approach to ultimate data security is
centered on absolute independence from all software and the operating
system.
In addition to advanced security features such as anti-virus protection
and remote management capabilities, Kingston offers a secure
customization program that provides users, companies or schools the
ability to uniquely identify the encrypted drives with popular options
such as serial numbering, dual passwords and custom logos.
Data stored on a Kingston or an IronKey encrypted USB drive is
always protected from unauthorized access. What happens on an
encrypted drive, stays on an encrypted drive.
IMPACT OF ENCRYPTED DEVICES
In closing, here are two examples of the importance of using encrypted
USB drives.
Protecting royalty. Recently, an unencrypted USB drive with confidential/
restricted files was found at Heathrow Airport in London.
Among its 76 folders and 174 documents was information regarding
details of measures used to protect the Queen, the types of ID needed
to access restricted areas, a timetable of security patrols and maps pinpointing
CCTV cameras. One document highlighted recent terror
attacks and talked about the type of threats the airport could face.
Securing data. Researchers from Google, the University of Illinois
Urbana-Champaign and the University of Michigan spread 297 unencrypted
USB drives unattended around the Urbana-Champaign campus.
Finders opened one or more files on 135 of the 297 flash drives (45
percent) and 290 of the drives (98 percent) were removed from their
drop locations. Drives were plugged into finders’ computers within a
median time of 6.9 hours, the first within six minutes of being found.
The researchers suspect that users initially acted altruistically to try
and find the drives’ owners, but their curiosity soon took over, as they
proceeded to open other files, including one labeled “vacation photos.”
Whatever their reason for opening the files, the study points out that
individuals coming across an unattended USB
drive will open it. If the drive is unencrypted, like
those used in the study, the loser of the drive risks
having all manner of valuable data exposed, stolen
or lost for good.
This article originally appeared in the January 2018 issue of Campus Security Today.