ST1707
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
RESEARCH:<br />
RESEARCH: USB DRIVE ENCRYPTION<br />
HOW TO PROTECT 'DATA<br />
ON THE GO'<br />
USB DRIVES ARE A 'FAITHFUL COMPANION' IN OUR PROFESSIONAL<br />
LIVES, SUGGESTS NEW RESEARCH - BUT THEIR SECURITY IS AN<br />
INCREASINGLY IMPORTANT CONSIDERATION, ESPECIALLY IN THE<br />
RUN-UP TO THE NEW EU GDPR, ARGUES CHRISTOPH BADER,<br />
STRATEGIC MARKETING MANAGER B2B EMEA FOR KINGSTON<br />
TECHNOLOGY<br />
It is an everyday scenario: an employee<br />
downloads data from a work PC onto a<br />
USB-drive, perhaps for a back-up, to work<br />
from home, or to give a presentation. The<br />
employee leaves the office and on the way<br />
home the USB slips out of their pocket. The<br />
data on the drive is not encrypted and is<br />
accessible to anyone who plugs the drive into<br />
a computer - which a recent survey found that<br />
almost half of us do upon stumbling across a<br />
USB. In a best-case scenario losing a USB<br />
drive is just an annoyance. Lose a USB with<br />
confidential or personal data however and it's<br />
a different story.<br />
On 24th May 2018 the current data<br />
protection legislation from 1995 will be fully<br />
replaced by the EU General Data Protection<br />
Regulation (EU GDPR). The EU GDPR aims to<br />
strengthen the protection of personal data for<br />
EU citizens, e.g. through the 'right to be<br />
forgotten', and future-proofing data protection<br />
legislation in the EU. It is also an attempt to<br />
unify the different national legislations which<br />
can be confusing in their overlaps and<br />
differences. This means that organisations will<br />
have to take extra steps to avoid any kind of<br />
data leaks, loss and theft. The fines for<br />
personal data such as names, date of birth,<br />
bank details or medical records being leaked<br />
can add up to 4% of the global revenue of<br />
an organisation, or 20 million euros<br />
(whichever is higher).<br />
Additionally, the individuals concerned as well<br />
as a supervisory authority will have to be<br />
notified if personal data has been<br />
compromised. This means that a data breach -<br />
on top of the direct costs like fines, legal fees,<br />
etc. - will also automatically generate indirect<br />
costs such as negative publicity, loss of<br />
customer trust and ultimately business. Hence<br />
organisations should start reviewing and<br />
checking their internal IT processes and<br />
policies now and modify them accordingly.<br />
POCKET FULL OF TROUBLE<br />
One of the most neglected risks is often simply<br />
not encrypting company USB drives. You may<br />
think that the use of USB drives is on the<br />
decline. However, a recent survey<br />
commissioned by Kingston Technology on the<br />
use of USB drives has shown that about 66%<br />
of participants use more than one USB drive<br />
for job purposes. Of these users, alarmingly<br />
38% reported that one or more drives had<br />
disappeared while in company use (24% out<br />
of these were reported lost, 4% reported stolen<br />
and in 72% it was unclear what happened to<br />
the drive). Another worrying result is that<br />
almost half of the surveyed employees said<br />
that they mix personal and job data on their<br />
USB drives.<br />
Other questions showed that in about a fifth<br />
of the company's surveyed, employees save<br />
sensitive data on USB drives. Yet, 86%<br />
reported that they do not use hardware-based<br />
encrypted USBs for these. The conclusion can<br />
be drawn that carelessness of organisations<br />
and employees when dealing with USB drives<br />
is a substantial risk for companies. Obviously,<br />
improving network or cyber security is an<br />
ongoing major task for IT departments, as<br />
hacking or ransomware attacks are an<br />
increasingly prevalent issue. But in a more and<br />
more mobile world where employees<br />
frequently work from home or in a BYOD<br />
environment, companies will need to better<br />
address security concerns that come along with<br />
'data on the go'.<br />
FIVE STEP PLAN<br />
In order to become compliant with the EU<br />
GDPR in regard to mobile data, we<br />
recommend that organisations consider the<br />
following five steps.<br />
^<br />
14 STORAGE July/August 2017<br />
@STMagAndAwards<br />
www.storagemagazine.co.uk<br />
MAGAZINE