Preventing A Major Attack -- Campus Security Today

Preventing A Major Attack

Encrypted USB Storage drives help minimize cyber security risks

By Ruben Lugo
January 01, 2018

It is probably safe to say USB thumb drives are as ubiquitous on a college campus as tablets, laptops and textbooks. Not only are students and faculty using them, so are staff MEMBERS in admissions, financial aid, accounting, the health center, the security office and virtually every other department connected to the institution. If – when – data stored on these drives ends up in the wrong hands, public trust can be lost, students and faculty are put at risk, and the school can find itself in the middle of a major PR headache.

Many USB thumb drives being used on campuses today could be generously classified as BYOD (bring your own device) that are probably unencrypted, recently purchased at the checkout counter of a local retail store and more than likely inexpensive. Worst of all, BYODs can be infected with malware and viruses that can adversely affect the entire college network.

But wait, there’s more depressing news. Every year, an alarming 20 million unprotected USB drives are lost, stolen, misplaced or forgotten about. Is it any wonder security risks associated with the use of unencrypted, removable USB storage devices are a major concern?

Despite these risks, USB thumb drives – as well as other removable storage – have the undeniable utility of being small, portable and relatively inexpensive. They are extremely useful for data transfers between computers, including operating system patches and antivirus updates.

Secure, encrypted USB flash drives are an essential pillar of a comprehensive data-loss prevention (DLP) strategy. The most effective are drives where the security is implemented in the device’s hardware in order to combat ever-evolving threats.

A patent-protected hardware-centric/software-free encryption approach to data security is the best defense against data loss, as it eliminates the most commonly used attack routes. This same software- free method also provides complete cross-platform compatibility with any OS or embedded equipment possessing a USB port and file storage system.

NEW EU REGULATION IMPACTS U.S. COLLEGE CAMPUSES

After a two-year phase-in period, 2018 marks the complete implementation and strict enforcement of a new European Union regulation that aims to strengthen data protection rights for individuals within the EU. Named the General Data Protection Regulation (EU GDPR), it replaces a 1995 directive and aims to future-proof data protection in the EU and to non-EU organizations that process data of EU residents.

It may not be apparent at first mention as to why or how this affects American colleges, universities and any institution of higher learning. But consider European students coming to America to study, research projects between American institutions and their counterparts in Europe, and any other exchange of data or information between students, faculties and schools in the two sectors. From 2018 forward, they will need to use state-of-the-art security to protect personal data.

In case of a data breach, schools will face fines of up to 4 percent of their annual global revenue or $21,952 million and must inform their national supervisory authority.

The average cost of a data breach has increased by 23 percent since 2013. The average cost of a data breach for large organizations in the EU is 3.7 million Euros and $7 million in the U.S. Education is one of the three highest cost sectors.

Here are five steps colleges can take to protect themselves and become GDPR compliant:

Understand the new regulation and what it means.
Understand who uses and has access to data.
Define strategy for data on the move.
Consider hardware encryption and endpoint-management options.
Ensure students, faculty and staff are aware of the GDPR and bestpractice data protection policies.

Students, faculty and administrative staff carrying data out of the classroom or office increase the risk of data being compromised. This leaves the institution open to hefty fines, recovery costs and a potential public relations disaster. Remember, this applies to data you not only need to protect but want to protect.

Encryption is the best way to be safe. A device such as the Kingston encrypted USB or its high-end IronKey encrypted USB 3.0 flash drive minimizes the risks of moving data on USB drives and ensures critical and sensitive data is protected.

WHY ENCRYPTION IS IMPORTANT

If a USB is lost or stolen and the data on it is encrypted then this is a security breach, not a data breach, and may not have to be reported. Kingston encrypted and its IronKey encrypted USB 3.0 flash drives help meet stringent requirements (including the new EU GDPR) for data security while allowing students and school departments to do their assignments or jobs more efficiently. With its completely selfcontained authentication and encryption processes, all critical security parameters take place within the drive itself and are never shared with its USB host. Kingston’s unique approach to ultimate data security is centered on absolute independence from all software and the operating system.

In addition to advanced security features such as anti-virus protection and remote management capabilities, Kingston offers a secure customization program that provides users, companies or schools the ability to uniquely identify the encrypted drives with popular options such as serial numbering, dual passwords and custom logos. Data stored on a Kingston or an IronKey encrypted USB drive is always protected from unauthorized access. What happens on an encrypted drive, stays on an encrypted drive.

IMPACT OF ENCRYPTED DEVICES

In closing, here are two examples of the importance of using encrypted USB drives.

Protecting royalty. Recently, an unencrypted USB drive with confidential/ restricted files was found at Heathrow Airport in London. Among its 76 folders and 174 documents was information regarding details of measures used to protect the Queen, the types of ID needed to access restricted areas, a timetable of security patrols and maps pinpointing CCTV cameras. One document highlighted recent terror attacks and talked about the type of threats the airport could face.

Securing data. Researchers from Google, the University of Illinois Urbana-Champaign and the University of Michigan spread 297 unencrypted USB drives unattended around the Urbana-Champaign campus.

Finders opened one or more files on 135 of the 297 flash drives (45 percent) and 290 of the drives (98 percent) were removed from their drop locations. Drives were plugged into finders’ computers within a median time of 6.9 hours, the first within six minutes of being found. The researchers suspect that users initially acted altruistically to try and find the drives’ owners, but their curiosity soon took over, as they proceeded to open other files, including one labeled “vacation photos.”

Whatever their reason for opening the files, the study points out that individuals coming across an unattended USB drive will open it. If the drive is unencrypted, like those used in the study, the loser of the drive risks having all manner of valuable data exposed, stolen or lost for good.

This article originally appeared in the January 2018 issue of Campus Security Today.

Shooter Detection Systems Joins Partner Alliance for Safe Schools to Strengthen School Safety Efforts
04/08/2024
Parents are Part of School Security, Too
03/19/2024
Enhancing School Safety
03/15/2024
Access Control Trends
03/14/2024

Featured

California School District Modernizes Surveillance System

i-PRO Co., Ltd. (formerly Panasonic Security), a provider of professional security solutions for surveillance and public safety, recently announced that the Murietta Valley Unified School District (MVUSD) in Riverside County, CA, has undertaken a project to modernize its first-generation surveillance system to new high-resolution i-PRO network cameras, and the i-PRO Video Insight video management system (VMS). Read Now
- Video Surveillance
RAD Makes History with First Robotic Dog Deployed to Taylor Police Department

Robotic Assistance Devices, Inc. (RAD), a subsidiary of Artificial Intelligence Technology Solutions, Inc., recently announced that it has delivered a RADDOG LE to the Taylor, Michigan Police Department. The delivery of RADDOG LE to the Taylor Police Department marks a historic moment in the integration of technology within law enforcement. This milestone underscores RAD’s commitment to revolutionizing the landscape of security and public safety through cutting-edge AI-powered, robotic solutions. Read Now
- Facility Security
Passing the Test

The discussion about secured access and access control for higher education and K-12 is continuously expanding and evolving. That is a good thing. The more knowledge we gain and the more solutions that become available, linked and interoperable, the better and higher the level of security and safety. Read Now
- Access Control
Driving a Major Shift

One of the driving forces for change has been the high demand for unified solutions. Users are asking their vendors for a way to manage all their security systems through a single interface, from a single pane. This has led to a flurry of software development to seamlessly integrate access control systems with video surveillance, intrusion detection, visitor management, health monitoring, analytics with artificial intelligence (AI), and more. Read Now
- Video Surveillance

Webinars

Hanwha Vision (formerly Hanwha Techwin), Salient Systems, Eagle Eye Networks Inc, Evolv Technology

Shooter Detection: The First Line of Defense
Hanwha Techwin, Salient Systems, Evolv Technology, Omnilert, Eagle Eye Networks Inc, Traka ASSA ABLOY, i-PRO Americas Inc., Digital Watchdog, IPVideo Corporation, ProdataKey

Exploring Multiple Facets of Campus Security Summit
SparkCognition

How Visual AI Is Transforming the Conventional School Safety Model

Whitepapers

Metrasens

Case Study | Creating a Welcoming and Safe Experience for School Events
ProVision

Guide to Body Cameras for Campus Security
Omnilert

Guide to Evaluating Gun Detection Technology