Preventing A Major Attack

Preventing A Major Attack

Encrypted USB Storage drives help minimize cyber security risks

It is probably safe to say USB thumb drives are as ubiquitous on a college campus as tablets, laptops and textbooks. Not only are students and faculty using them, so are staff MEMBERS in admissions, financial aid, accounting, the health center, the security office and virtually every other department connected to the institution. If – when – data stored on these drives ends up in the wrong hands, public trust can be lost, students and faculty are put at risk, and the school can find itself in the middle of a major PR headache.

Many USB thumb drives being used on campuses today could be generously classified as BYOD (bring your own device) that are probably unencrypted, recently purchased at the checkout counter of a local retail store and more than likely inexpensive. Worst of all, BYODs can be infected with malware and viruses that can adversely affect the entire college network.

But wait, there’s more depressing news. Every year, an alarming 20 million unprotected USB drives are lost, stolen, misplaced or forgotten about. Is it any wonder security risks associated with the use of unencrypted, removable USB storage devices are a major concern?

Despite these risks, USB thumb drives – as well as other removable storage – have the undeniable utility of being small, portable and relatively inexpensive. They are extremely useful for data transfers between computers, including operating system patches and antivirus updates.

Secure, encrypted USB flash drives are an essential pillar of a comprehensive data-loss prevention (DLP) strategy. The most effective are drives where the security is implemented in the device’s hardware in order to combat ever-evolving threats.

A patent-protected hardware-centric/software-free encryption approach to data security is the best defense against data loss, as it eliminates the most commonly used attack routes. This same software- free method also provides complete cross-platform compatibility with any OS or embedded equipment possessing a USB port and file storage system.

NEW EU REGULATION IMPACTS U.S. COLLEGE CAMPUSES

After a two-year phase-in period, 2018 marks the complete implementation and strict enforcement of a new European Union regulation that aims to strengthen data protection rights for individuals within the EU. Named the General Data Protection Regulation (EU GDPR), it replaces a 1995 directive and aims to future-proof data protection in the EU and to non-EU organizations that process data of EU residents.

It may not be apparent at first mention as to why or how this affects American colleges, universities and any institution of higher learning. But consider European students coming to America to study, research projects between American institutions and their counterparts in Europe, and any other exchange of data or information between students, faculties and schools in the two sectors. From 2018 forward, they will need to use state-of-the-art security to protect personal data.

In case of a data breach, schools will face fines of up to 4 percent of their annual global revenue or $21,952 million and must inform their national supervisory authority.

The average cost of a data breach has increased by 23 percent since 2013. The average cost of a data breach for large organizations in the EU is 3.7 million Euros and $7 million in the U.S. Education is one of the three highest cost sectors.

Here are five steps colleges can take to protect themselves and become GDPR compliant:

  • Understand the new regulation and what it means.
  • Understand who uses and has access to data.
  • Define strategy for data on the move.
  • Consider hardware encryption and endpoint-management options.
  • Ensure students, faculty and staff are aware of the GDPR and bestpractice data protection policies.

Students, faculty and administrative staff carrying data out of the classroom or office increase the risk of data being compromised. This leaves the institution open to hefty fines, recovery costs and a potential public relations disaster. Remember, this applies to data you not only need to protect but want to protect.

Encryption is the best way to be safe. A device such as the Kingston encrypted USB or its high-end IronKey encrypted USB 3.0 flash drive minimizes the risks of moving data on USB drives and ensures critical and sensitive data is protected.

WHY ENCRYPTION IS IMPORTANT

If a USB is lost or stolen and the data on it is encrypted then this is a security breach, not a data breach, and may not have to be reported. Kingston encrypted and its IronKey encrypted USB 3.0 flash drives help meet stringent requirements (including the new EU GDPR) for data security while allowing students and school departments to do their assignments or jobs more efficiently. With its completely selfcontained authentication and encryption processes, all critical security parameters take place within the drive itself and are never shared with its USB host. Kingston’s unique approach to ultimate data security is centered on absolute independence from all software and the operating system.

In addition to advanced security features such as anti-virus protection and remote management capabilities, Kingston offers a secure customization program that provides users, companies or schools the ability to uniquely identify the encrypted drives with popular options such as serial numbering, dual passwords and custom logos. Data stored on a Kingston or an IronKey encrypted USB drive is always protected from unauthorized access. What happens on an encrypted drive, stays on an encrypted drive.

IMPACT OF ENCRYPTED DEVICES

In closing, here are two examples of the importance of using encrypted USB drives.

Protecting royalty. Recently, an unencrypted USB drive with confidential/ restricted files was found at Heathrow Airport in London. Among its 76 folders and 174 documents was information regarding details of measures used to protect the Queen, the types of ID needed to access restricted areas, a timetable of security patrols and maps pinpointing CCTV cameras. One document highlighted recent terror attacks and talked about the type of threats the airport could face.

Securing data. Researchers from Google, the University of Illinois Urbana-Champaign and the University of Michigan spread 297 unencrypted USB drives unattended around the Urbana-Champaign campus.

Finders opened one or more files on 135 of the 297 flash drives (45 percent) and 290 of the drives (98 percent) were removed from their drop locations. Drives were plugged into finders’ computers within a median time of 6.9 hours, the first within six minutes of being found. The researchers suspect that users initially acted altruistically to try and find the drives’ owners, but their curiosity soon took over, as they proceeded to open other files, including one labeled “vacation photos.”

Whatever their reason for opening the files, the study points out that individuals coming across an unattended USB drive will open it. If the drive is unencrypted, like those used in the study, the loser of the drive risks having all manner of valuable data exposed, stolen or lost for good.

This article originally appeared in the January 2018 issue of CSLS.

Digital Edition

  • Campus Security & Life Safety Magazine - january 2018

    January 2018

    Featuring:

    • Finding A Balance
    • Preventing A Major Attack
    • Decentralized Assets, Centralized Control
    • A Better Understanding
    • Streamlining Today's Campuses

    View This Issue