Encrypt Your Flash Drive

Encrypt Your Flash Drive

The safest way to store, transport confidential data

USB drives are convenient devices. They are used daily by hundreds of millions of people around the world to store or transport data, much of which would be considered confidential. Chances are there are plenty of USB drives floating around your company or organization right now.

Have you ever stopped to think about the potential security threat these drives could pose? Yes, no, maybe? Well, it’s a good question to ask yourself. Do your employees, contractors and visitors who connect to your network ever use them? The answer to that question doesn’t really matter, because if anyone has even so much as thought about connecting a USB drive to your network, your organization is at risk.

That goes for organizations large or small, across all departments, all industries and all geographies. USB drives pose a threat, and the more unprepared you are for handling such a threat, the greater the chances are that at some point, you will have a problem. Potentially, a big problem. Do a simple Google search on data loss involving non-encrypted USBs and you will see numerous examples of organizations that did not have a solid plan in place and what the legal, financial and reputational consequences.

There are four major ways a USB drive can pose a threat:

Someone in your organization. Someone could accidentally loses such a drive that is full of data, especially what is known as Personally Identifiable Information. That happens often — way too often. Laundries often find hundred of drives in clothes they clean; this is a type of drive loss that is often invisible to enterprises yet still a potential breach.

A USB drive full of data. Important information gets stolen from your organization. People have been known to walk out of a company they were visiting carrying USB drives loaded with proprietary or legally protected information.

A trusted employee. Someone has become disgruntled and has absconded a device with confidential company data via a USB drive.

Someone in your organization. An infected USB drive has been found and, whether out of curiosity or in a noble attempt to find the owner, plugs it in. A large-scale study conducted at the University of Illinois showed that 48 percent of people who find USB drives plug them in and click on at least one file. For whatever reason they did so, the results to your network are the same if the drive is infected with malware.

So what do you do? You have several alternatives other than doing nothing. You can completely ban anyone connected to your company from ever using a USB drive at work or for workrelated projects. Or, you can implement a company-wide plan on how they are to be used.

A third option is a practical compromise between the two. When policies are too difficult to enforce, and a full ban on USB drives would be impractical, encrypted USB drives make ideal solutions. Whether the drives are lost or stolen, dropped or handed to a corporate spy, encrypted USB drives will never give up their secrets, as unauthorized users cannot simply plug them in and read the data.

So what do you need to do? First and foremost, incorporate encrypted USB Flash drives and policies into your organization’s overall security strategy. If you don’t have such a plan and guidelines in place, your organization is at risk at every level — including failure to comply with regulations. The best time to develop an encrypted USB plan is before you need to prove you had one.

Identify the Best USB Flash Drives for Your Organization

Simple analysis of what your organization needs and recognizing there is a range of easy-to-use, cost-effective, encrypted USB Flash drive solutions can go a long way toward enabling you to get a handle on the issue of managing risks and reducing costs.

A good place to start is to select the appropriate USB Flash drive that best fits your organization’s needs. Determine the reliability and integrity of USBs by confirming compliance with leading security standards such as AES 256 Encryption, FIPS 197 or FIPS 140-2 Level 3, and various other managed solution options. Also, some USB companies, such as Kingston, provide a customized option for businesses that require specific needs.

Be sure to balance company needs for cost, security and productivity. Ensure you have the right level of data security for the right price. Don’t pick a drive with all the bells and whistles because you believe it to be the best if you’re not going to make use of all those bells and whistles. If you don’t need military-grade anti-tampering security don’t pay for it, but do buy an Advance Encrypted Standard (AES) 256-bit encrypted drive for best data security. It is also a good idea to get HR and senior management involved to support your USB data-security initiatives.

Train and Educate

Education should always be the first line of defense, and explaining the different threat scenarios associated with USB drives may go a long way toward modifying bad USB behaviors.

If you don’t train and educate end users, you will not have a tightly sealed data-leak prevention strategy and you are more prone to be breached. A Ponemon Institute Study regarding USB security found that 72 percent of employees use free (as in no cost, ‘look what that nice person just gave me’ type of free) drives they pick up at conferences, tradeshows, business meetings, even in organizations that offer ‘approved’ USB options.

All new and current employees should be trained as part of your company’s orientation and ongoing training. Establish a training program that educates employees on acceptable and unacceptable use of USB Flash drives and the dangers of using Bring Your Own Device (BYOD) items. Take users through actual breach incidents and other negative consequences that occur when using non-encrypted USBs.

Establish and Enforce Policies

Your organization should institute policies for the proper use of electronic portable storage media, including USB Flash drives.

Here are three steps to begin the process.

  • Identify those individuals and groups needing access to and/ or download sensitive and confidential data on encrypted USB drives, then set a policy that allows them access.
  • Document policies for your IT team and end users.
  • Mandate that all employees attend training and sign an agreement post-training, so they understand the acceptable-use policies and the implications of not following guidelines. If you don’t have the right policies in place, USB drives can potentially be the downfall of your data-security strategy. Setting a policy is the first step and an incredibly important one.

Provide Company-approved USB Drives

If you don’t provide encrypted USBs and implement policies that allow end users to be productive, out of necessity, employees will find a way to work around these security systems. Providing employees with approved, encrypted USB Flash drives for use in their job is an excellent way to assure that company-approved USBs are being used.

Here are a few guidelines to use in choosing the type of USB Flash Drive to give your employees:

  • Proven hardware-based encryption using Advanced Encryption Standard (AES) 256. Hardware-based security provides portability and superior encryption over host-based software encryption.
  • User storage space should be 100-percent encrypted. No nonsecured storage space should be provided.
  • Hardware-based password authentication that limits the number of consecutive wrong password attempts by locking the devices when maximum number of wrong attempts is reached.
  • Your selected drive meets the FIPS standards for your particular industry or company’s needs: FIPS 197 and/or FIPS 140-2 Level 3.

Manage Authorized USB Drives and Block Unapproved Devices

If you do not manage authorized drives, sensitive data can be copied onto these devices and shared with outsiders and your organization is the next statistic for data loss or theft.

If you don’t encrypt data before it is saved on the USB drive, hackers can bypass your anti-virus, firewall, or other controls, and that information is vulnerable. To ensure that your data is safe, it should be encrypted before being sent out via email or saved on removable storage devices. For organizations in which confidential or sensitive data is part of your business – such as financial, healthcare and government, encryption is the most trustworthy means of protection. Following the above will provide a “safe harbor” from penalties and or lawsuits related to data loss disclosures following new regulations.

This article originally appeared in the September 2020 issue of Security Today.


  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Making Safety and Security Intrinsic to School Design

    Public anxieties about school safety are escalating across the country. According to a 2023 Gallup report, 44% of parents fear for their child’s physical safety at school, a 10 percentage-point increase since 2019. Unfortunately, these fears are likely to increase if the incidence of school tragedies continues to mount. As a result, school leaders are now charged with two non-negotiable responsibilities. The first, as always, is to ensure kids have what they need to learn, grow, and thrive. Sadly, their second responsibility is to keep the children in their care safe from threats and physical danger. Read Now

  • The Power of a Layered Approach to Safety

    In a perfect world, every school would have an unlimited budget to help secure their schools. In reality, schools must prioritize what budget they have while navigating the complexities surrounding school security and lockdown. Read Now

  • How a Security System Can Enhance Arena Safety and the Fan Experience

    Ensuring guests have both a memorable experience and a safe one is no small feat for your physical security team. Stadiums, ballparks, arenas, and other large event venues are increasingly leveraging new technologies to transform the fan experience and maintain a high level of security. The goal is to preserve the integrity and excitement of the event while enhancing security and remaining “behind the scenes.” Read Now

Featured Cybersecurity


New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • ResponderLink


    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3