Whose memory stick is it anyway?
USB use poses a unique problem. Most are personal property and contain personal data yet have found their way into daily use in just about every organisation, despite the fact that many can carry malware infections, they can be easily lost or stolen and putting data of any kind on them carries a greater risk of being accidentally or deliberately exposed.
Having a good (paid for) Antivirus licence can provide some element of protection for your computer, however that doesn’t solve all the problems using a USB device can bring.
Forcibly encrypting these devices is the right thing to do, but this either protects the whole unit, leaving users shut out of their own documents at home, or creates a split device, with no means of editing, reading or writing secure information on a home PC without encryption software.
How to avoid attack
If you or your staff intend on using a USB device, only use those that you purchase from a trusted stockist – it used to be popular to receive branded promotional USBs from other businesses or partners as part of their marketing campaigns, however you don’t know the original source of the USB stick, if you receive a promotional USB device, we would suggest not using it as a matter of precaution. If you use these as promotional items for your business to send out to others, stop!
The only way to truly avoid attack, is by not connecting your USB device to computers you don’t own or don’t have good reason to trust to avoid the USB stick becoming infected —and by not plugging untrusted USB devices into your own computer to avoid your computer becoming infected. But this pretty much renders the USB stick useless. ‘In this new way of thinking, you have to consider a USB infected and throw it away as soon as it touches a non-trusted computer.’
The risk of accidental exposure of confidential data on USB storage devices can be greatly mitigated by the use of encryption. Through our partnership with ESET and DESlock we provide an on-device application that runs straight from the USB stick, doesn’t need an install, and with the right password allows the user to edit, read and write encrypted documents on to any PC.
Each device is protected with an encryption key and a password; only one being required to enable the device. This makes the USB stick fully transparent and password-free at work and password-protected at home or off-site.
For businesses where USB devices are used, it’s also prudent to put a USB policy in place for staff to adhere to if you don’t already have one.
For more information of USB Encryption, get in touch with Smart Computers.