USB storage in business
When we talk about storage in the enterprise, big systems are often front of mind and we often overlook the role that USB storage has to play. IT PRO investigates the state of play.
There have been plenty of high profile cases of late involving data loss and laptops. Put that critical data on a stick the size of a packet of chewing gum and the risk becomes somewhat harder to manage.
"One of the allures of USB sticks, is that if you find one - you tend to plug it in," said Guy Bunker, chief scientist at Symantec. "You can get software on the web very easily and it will take around 19 seconds to extract all of your security information and install keylogging software. So it's a worrying trend and very easy to do."
Losing USB drives is one issue, but breaking them is yet another. Having a drive sticking out of a laptop is a sure fire way of snapping the connector and breaking USB ports. It is worth finding a short USB extension lead and you will be largely protected from breakages. This also removes the 1,500 USB insertion limitation as you are wearing out an easily replaceable extension lead instead. If you are the rough and tumble type, it is worth foregoing the smaller flash drive models and getting a rubberised and ruggedised flash drive.
Attaching your primary flash drive to your keyring can work in your favour. Most people don't leave the house without keys, ipso facto, you never leave the house without your flash drive. However, this does have the potential to back fire as you can find yourself leaving keys plugged into your computer and locking yourself out.
Getting a quick release keyring can protect you from such things, but you also run the risk of leaving it behind, and worst of all forgetting where.
Got the key, got the secret
Laptop data loss is one thing but modern USB drives have the potential to carry just as much data as a modern notebook, with up to 64GB flash drives now on sale. This highlights the fact that these little sticks are no longer just being used to transfer PowerPoint presentations between users. Stealing a USB drive isn't exactly hard, with plenty of available spaces to stash them.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"At a government organisation you have to leave anything electronic at the gate. In most other businesses, you don't have the same security in place, but the threat remains the same," said Mike Smart, senior product marketing manager at Secure Computing.
"Physical security is just as important as gateway security - there is no one solution. Removing portable media as a general policy is detrimental to work flow, but there needs to be control in how they are used. While out on the field, it is important to employ tactics such as encryption or finger print scanning. If you are going to allow the use of portable drives, at least make sure the data is difficult to read."
Smart added: "There is always a risk, no matter what security you put into place. If someone wants to get to your data, they will find a way."
Encrypting this data is one step you may want to consider as a cure to stop the thieves in their tracks if prevention hasn't worked. TrueCrypt is an open source solution that works on Linux, Windows and MacOS. At its most basic level, this allows you to encrypt the entire drive it is however, much more powerful than this.
If you're a Windows user, there is also the issue of viruses. Before the internet, people managed to do a damn good job of spreading viruses through floppy disks. Make sure all the machines you put your drive in have a virus scanner installed and scan your drive regularly.
There is also the risk of somebody else using USB drives against you. Sneaking a drive through security isn't exactly hard most modern mobile phones have a considerable amount of storage after all. It is remarkably easy to walk into a building and walk out with your trade secrets in tow.
Rise of the machines again
Cast your mind back to Terminator 2, where John Connor carried his PDA around for hacking. There are a number of hacking-specific Linux distributions, all of which are small enough to be stored on a USB flash drive. Any computer in your office is a target even if it's supposedly password protected. Plugging the drive in, forcing a reboot and selecting the USB drive to boot from, can be all that is necessary to wreak havoc on your network. Make sure that your networked computers are set to not boot via USB and that the BIOS is password protected to stop this being selected.
If the worry of losing your flash drive is large enough, ask yourself if you want to be so dependent on a drive in the first place. If you used a cloud-based solution such as Google Documents to work from, or some of the online storage systems like X-Drive you could have access to your documents from any computer with an internet connection - including many public access machines where USB ports are often locked out.
We are amassing more and more information on a daily basis and data continues to be the lifeblood of every business regardless of size. That much is fact. But isn't it about time we more closely considered, embraced and combated both the benefits and the disadvantages that the double edged sword of USB storage has to offer us in the enterprise?