in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Disk Encryption: USB Stick With Sensitive Files On Foster Children Found

Stoke-on-Trent City Council has found itself in the middle of a data breach after a passer-by turned in a USB flashdrive with sensitive information to The Sentinel, a UK periodical.  The USB drive was not protected with disk encryption software like AlertBoot.

USB Memory Stick Found By IT Consultant

The USB stick was found on the pavement by an IT consultant.  Upon connecting it to his computer, the consultant found dozens of files with sensitive information related to foster children.  He promptly went to The Sentinel and handed over the flashdrive; the newspaper, in turn, turned over the device to the city council.

An investigation has been promised by the council, which has noted that it's against policy to store such information on an unencrypted flashdrive.

What's New?  How About Forced Encryption? (With Care, Of Course)

Stories like these are a dime a dozen. With the cheap prices that USB flashdrives command, it's hard to envision a situation where sensitive data doesn't end up on a USB memory stick that subsequently gets lost or stolen.

Among the solutions that are suggested is the use of officially sanctioned, pre-encrypted USB drives.  I can only laugh at such a suggestion.  The problem is not the lack of encryption on USB sticks.  The problem is what management has found to be problematic for decades: employees who don't follow policies.

I mean, the person who lost the USB drive didn't follow the original policy of not carrying unencrypted data.  Who's to say that person would have followed another policy of only using encrypted USB drives?  Or perhaps a policy that prohibits one from using a non-sanctioned USB flashdrive?

This doesn't mean that encryption software is not necessary, or that it cannot contribute towards better data security.  Instead, I'm pointing out that the approach is somewhat off.

I'd say that a somewhat better option would be to force the encryption of any external data storage devices (an option in AlertBoot's managed endpoint security software): this way, when any (personal or corporate) USB drive is connected to a computer, the device is also encrypted and usable within an assigned group of computers.

(Care must be taken with such an approach, though, because it encrypts all such data storage devices.  We're talking iPods, iPhones, and anything that shows up as external memory device when connected to a computer.  Of course, being burned by such an experience, people learn not to stick any random USB device to work computers, but sometimes at great personal expense.)

Another effective approach may be port control, where an administrator presets a set of executable policies that determine which hardware can connect to a USB connector port.  For example, such a policy may allow mice and printers to be connected to a computer, but would disallow it for any foreign objects (like unsanctioned memory drives).


Related Articles and Sites:
http://www.infosecurity-magazine.com/view/8396/confidential-social-services-data-found-on-usb-stick-in-stokeontrent/
http://www.scmagazineuk.com/usb-stick-containing-social-services-information-found-on-a-pavement/article/166783/

 
<Previous Next>

Data Encryption Software: Used In ECMC Data Breach Affecting 3.3 Million People? Would It Matter?

Romance Stories Over Drive Encryption Software?

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.