Ten tips for USB drive data leak prevention

USB storage devices are popular because of its small size and portability. Even in the enterprises they are often used for data temporary copy and share. However, precisely because it brings convenience, it also brings many risks in the aspect of data security; especially in the field of enterprise- class, as many data and information are highly classified, once they are leaked or breached, the losses caused by them might be incomparable.

So when you are using USB storage devices, how to protect enterprise data? Here, we give you the top ten tips.

1. Manage authorized devices

Software that’s responsible for devices management can help IT staffs to track USB devices connected to the network, so as to understand what data is being transferred, when the data s used. If the IT staffs can’t monitor devices’ dynamic information, sensitive data is likely to be copied or accessed by outside unauthorized staffs.

2. Block unauthorized devices

When not dealing with official business, some staffs still use USB devices to access or copy data. If the data and information is confidential, please disable all ports of unauthorized external devices. Meanwhile, strictly prevent staffs using unauthorized devices to connect to the company computer.

3. Make up USB encryption plans

Make up and implement an encryption scheme. This plan should include how to protect flash memory devices and their data transfer process, specify who can access to the company data and make up a response plan when the device get lost.

4. Provide company-approved devices

It’s necessary to not only tell staffs that they need to use encrypted drives and set password, but also provide company-approved devices. If enterprise can’t provide secure USB device and its execution policy, staffs will often adopt unsecure practices.

5. Adopt appropriate secure level

Enterprises often need to seek balance among cost control, security and productivity. Find the right secure level according to company’s budget. If you do not need military secure level, you do not need to spend too much money.

6. User training and education

Make employees understand how to safely use a variety of devices. Companies often require using secure devices, while there are still data leak incidents, which is mainly because staffs don’t use these devices, for they feel difficult to use. It’s a must to let employees fully be aware of the consequences of not using secure devices.

7. Clarify secure policy

Making up policies is only the first step, but it’s very important. Define individuals who can download data into secure drives, and create a limitation that only allows these users to access. To clarify who to obtain these devices, and how to place these devices and which type of password should be used to protect them.

8. Encrypt data

The confidential data is sent via emails or removable storage media transmission, they should be password protected before users to use them. If data is not encrypted in advance, attackers can bypass secure control and directly access these data.

9. Protect endpoints

Even the most careful users will connect infected USB to the company computer. The latest anti-virus software is critical because it ensures access networks are secure. When the USB is connected to network, it requires scanning them as soon as possible. For older Windows computers, they need to install patches to disable autorun.

10. Disable unsecure devices

A report of Ponemon institute found that even if the company will provide approved secure devices, 72% of employees still used meeting and trade exhibition drive devices, while these drives tend to spread malicious software.