Archive for 10. November 2008

USB Data Security – Rules and Procedures

I have been thinking about this subject for some time. Last spring and again this past summer I read several accounts of USB drives owned by the military being stolen by foreign base workers and then sold in the bazaars of Afghanistan. I wonder how many of these military drives my company produced over the years.

My company sells no fewer than 50 units of these USB flash memory drives to every customer. Sometimes we produce 1,000s of units for one customer. That’s just our company - the point is there are millions of these USB flash memory devices in the field. All of them are very small and easily stolen, lost, misplaced, or just plain forgotten.

What type of data is on all of these drives? Is there customer information, corporate information, personnel records, payroll information, technical specifications, credit card numbers, military matters?

Who is responsible if the drives are lost or stolen? If you are reading this then – probably you! These drives are so small yet they can hold gigabytes of data. What keeps a malicious employee from downloading gigabytes of data and just walking out of your corporation’s front door?

How can you protect your company and your customers?

There are some incredibly sophisticated data encryption methods that you can apply to the drives. I will touch on these in future posts. Most may be a bit impractical for the average user, since desktop computers and technologies in general change constantly. However, that doesn’t mean you shouldn’t set up certain corporate governing rules when dealing with these devices.

Here are some simple steps to protect your company and your data:

  1. Establish corporate portable data storage rules and procedures immediately.

  2. Issue everyone who uses a computer a USB Flash Drive with your corporate logo imprinted on the device.

  3. Have your USB Flash Drives serialized so you can keep track of who owns which drive.

  4. Do not under any circumstances let unauthorized data drives into your work location. This includes employees’ personal laptops.

  5. Use either lanyards so the drives are visible or use the Credit Card Memory® style of drives that fit into men’s and women’s wallets so they will not be lost.

  6. Establish corrective action procedures for employees who do not follow data storage rules.

  7. Have a collection point for all old, bad, or unused drives. These drives need to be destroyed.

  8. Inspect what you expect! Do routine audits of corporate material on the flash drives.

USB Flash Drives are becoming faster and will soon be capable of holding terabytes of information. Your company needs to get ahead of this portable data storage problem.

Look at it this way – I bet you have a shredder company that picks up your discarded paper documentation to be destroyed and recycled, but you let gigabytes of data walk out your front door every day. Set up your portable data storage rules and procedures today.
