ST1707

RESEARCH:
RESEARCH: USB DRIVE ENCRYPTION
HOW TO PROTECT 'DATA
ON THE GO'
USB DRIVES ARE A 'FAITHFUL COMPANION' IN OUR PROFESSIONAL
LIVES, SUGGESTS NEW RESEARCH - BUT THEIR SECURITY IS AN
INCREASINGLY IMPORTANT CONSIDERATION, ESPECIALLY IN THE
RUN-UP TO THE NEW EU GDPR, ARGUES CHRISTOPH BADER,
STRATEGIC MARKETING MANAGER B2B EMEA FOR KINGSTON
TECHNOLOGY
It is an everyday scenario: an employee
downloads data from a work PC onto a
USB-drive, perhaps for a back-up, to work
from home, or to give a presentation. The
employee leaves the office and on the way
home the USB slips out of their pocket. The
data on the drive is not encrypted and is
accessible to anyone who plugs the drive into
a computer - which a recent survey found that
almost half of us do upon stumbling across a
USB. In a best-case scenario losing a USB
drive is just an annoyance. Lose a USB with
confidential or personal data however and it's
a different story.
On 24th May 2018 the current data
protection legislation from 1995 will be fully
replaced by the EU General Data Protection
Regulation (EU GDPR). The EU GDPR aims to
strengthen the protection of personal data for
EU citizens, e.g. through the 'right to be
forgotten', and future-proofing data protection
legislation in the EU. It is also an attempt to
unify the different national legislations which
can be confusing in their overlaps and
differences. This means that organisations will
have to take extra steps to avoid any kind of
data leaks, loss and theft. The fines for
personal data such as names, date of birth,
bank details or medical records being leaked
can add up to 4% of the global revenue of
an organisation, or 20 million euros
(whichever is higher).
Additionally, the individuals concerned as well
as a supervisory authority will have to be
notified if personal data has been
compromised. This means that a data breach -
on top of the direct costs like fines, legal fees,
etc. - will also automatically generate indirect
costs such as negative publicity, loss of
customer trust and ultimately business. Hence
organisations should start reviewing and
checking their internal IT processes and
policies now and modify them accordingly.
POCKET FULL OF TROUBLE
One of the most neglected risks is often simply
not encrypting company USB drives. You may
think that the use of USB drives is on the
decline. However, a recent survey
commissioned by Kingston Technology on the
use of USB drives has shown that about 66%
of participants use more than one USB drive
for job purposes. Of these users, alarmingly
38% reported that one or more drives had
disappeared while in company use (24% out
of these were reported lost, 4% reported stolen
and in 72% it was unclear what happened to
the drive). Another worrying result is that
almost half of the surveyed employees said
that they mix personal and job data on their
USB drives.
Other questions showed that in about a fifth
of the company's surveyed, employees save
sensitive data on USB drives. Yet, 86%
reported that they do not use hardware-based
encrypted USBs for these. The conclusion can
be drawn that carelessness of organisations
and employees when dealing with USB drives
is a substantial risk for companies. Obviously,
improving network or cyber security is an
ongoing major task for IT departments, as
hacking or ransomware attacks are an
increasingly prevalent issue. But in a more and
more mobile world where employees
frequently work from home or in a BYOD
environment, companies will need to better
address security concerns that come along with
'data on the go'.
FIVE STEP PLAN
In order to become compliant with the EU
GDPR in regard to mobile data, we
recommend that organisations consider the
following five steps.
^
14 STORAGE July/August 2017
@STMagAndAwards
www.storagemagazine.co.uk
MAGAZINE