Are USBs part of your cybersecurity strategy?

Kingston IronKey D300S USB flash drive secures your data on the go

Hardware-based encryption utilises a dedicated processor physically located in the drive.

In October 2017, a person at Heathrow Airport in London misplaced a USB drive. This was not just any USB drive, however. It contained details of security protocols used to protect the Queen, as well as other sensitive security details about the airport.

USB losses like this happen more frequently than people think and are prime examples of why implementing a secure USB policy should be a top priority for organisations.

A study carried out by the Ponemon Institute and sponsored by Kingston proved that, while these devices may be small, the data breaches that can result from lost or stolen USBs are huge. More than 70% of respondents in the ‘State of USB Drive Security’ survey said that they are absolutely certain (47%) or believe that it was most likely (23%) that a data breach was caused by sensitive or confidential information contained on a missing USB drive. On average, organisations in the study have lost more than 12,000 records about customers, consumers, and employees as a result of missing USBs.

In response to the risks associated with using standard consumer USB drives, Kingston introduced a range of secure USB drives designed to help businesses transport their mobile data securely and confidently.

One of these is the IronKey D300S USB flash drive.

Features

At the core of the IronKey D300S security architecture is 256-bit AES full-disk hardware encryption.

Hardware-based encryption utilises a dedicated processor physically located in the drive. The processor contains a random number generator to generate an encryption key, which the user’s password will unlock.

Encryption and decryption take place on the hardware and do not require any driver or software installation on the host PC, and no trace is left on the host system. The drive will lock down and reformat after 10 invalid password attempts to protect against brute-force attacks.
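The key handling described above can be sketched in a few lines. This is an added example, not Kingston's firmware or code from the original article: the class name, the XOR stand-in for AES key wrapping, the counter reset on success and the modelling of "reformat" as destroying the wrapped key are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 10  # figure from the article: lock down and reformat after 10 invalid attempts


class DriveModel:
    """Toy model of a hardware-encrypted drive's key handling (not Kingston's firmware)."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        dek = os.urandom(32)  # 256-bit data key; stands in for the on-drive RNG output
        kek = self._kek(password)
        # Assumption: XOR with a hash-derived pad stands in for a real AES key wrap.
        self.wrapped = bytes(a ^ b for a, b in zip(dek, self._pad(kek)))
        self.tag = hmac.new(kek, self.wrapped, hashlib.sha256).digest()
        self.failures = 0

    def _kek(self, password: str) -> bytes:
        # Password-derived key-encryption key; the password never encrypts data directly.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 50_000, dklen=32)

    @staticmethod
    def _pad(kek: bytes) -> bytes:
        return hashlib.sha256(b"wrap" + kek).digest()

    def unlock(self, password: str):
        """Return the data key on success, None on a bad password or a wiped drive."""
        if self.wrapped is None:
            return None  # already reformatted: nothing left to unlock
        kek = self._kek(password)
        expected = hmac.new(kek, self.wrapped, hashlib.sha256).digest()
        if hmac.compare_digest(expected, self.tag):
            self.failures = 0  # assumption: a successful login resets the counter
            return bytes(a ^ b for a, b in zip(self.wrapped, self._pad(kek)))
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            # Assumption: "reformat" is modelled as destroying the wrapped key,
            # which leaves the encrypted data unrecoverable.
            self.wrapped = self.tag = None
        return None
```

Because the counter and the wrapped key live inside the drive, a guesser is limited to the drive's own attempt budget rather than the speed of their own hardware.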

Additionally, it can generate a virtual keyboard that enables users to enter a password via mouse clicks, instead of using a physical keyboard, to reduce the risk of keylogger software intercepting the password being keyed in.

IT admins can use the centralised management capabilities to remotely wipe or disable lost or stolen devices, reset passwords, manage device inventories and enforce policies.

A serial number and barcode are printed on the drive, allowing network administrators to simply read or scan the code instead of plugging in a drive to learn its serial number. If a lost drive is found, the owner can quickly be tracked by the serial number. Admins can determine who should or should not have access to the USB port and monitor what files are being transferred.

Usually, secure USB drives have to trade speed for security. However, with USB 3.0 technology, the IronKey D300S is fast at uploading and downloading data.

The IronKey D300S is wrapped in a rugged zinc casing and tamper-evident epoxy seal for physical security.

A notorious piece of malware known as BadUSB was discovered a few years ago. This was the first USB malware designed to attack the device itself instead of attacking the data on the device. A BadUSB attack changes the firmware that controls the behaviour of the USB hardware, allowing the USB device to become a host that can subsequently infect other computers and USB devices. The modified controller firmware cannot be detected by today’s anti-malware solutions, and in many cases, may remain undetectable.

IronKey’s use of digital signatures in all controller firmware makes its products invulnerable to this threat.

Usage

Installation is straightforward. Once you insert the D300S into the USB port and your notebook or desktop detects it, you will be prompted to begin the initialisation process. Click on the ‘Run IronKey.exe’ to execute the IronKey

You will be prompted to create a password (and confirm it) to protect your data on the D300S. The password you create must meet certain criteria, including a minimum of eight characters in a combination of upper case, lower case, numeric, and/or special characters (!, $, etc.).

The D300S will then format the secure data partition and notify you when it is complete. Once the D300S has been initialised, you can access the secure data partition and utilise the device options by logging into the device with your password.

Use cases

Organisations are tasked with the challenge of complying with an ever-increasing list of regulatory standards designed to protect sensitive data in transit and at rest.

The public sector is especially sensitive; non-compliance can lead to loss of public trust while companies that work with government agencies can be disqualified from working on government contracts for non-compliance.

Government agencies can use Kingston IronKey encrypted USB Flash drives to use data anywhere. Law enforcement personnel can review and update case files in the field, while scientists, analysts, and forecasters can access data sets from any location with a PC or tablet.

Another sector is healthcare, where agencies must comply with strict data security mandates.

With Kingston IronKey Encrypted USB drives, doctors can securely and easily access patient data from anywhere. Temporary medical and pharmaceutical personnel can gain trusted access to applications and records when on assignment or working from home.

Clinical trial contributors, managers, and auditors can securely enter or review trial data at any location with a PC or tablet, while insurance claims adjusters, examiners and investigators can have unlimited access to records.

Financial services companies, on the other hand, are bound to comply with an expanding array of data security regulations and standards.

The cost of failing to comply with these regulations is significantly higher than the cost of compliance.

Kingston IronKey can help financial teleworkers safely access data and applications from home. In case of severe weather or other disasters, organisations can provide key personnel with access to critical data to maintain operations, while the IT department can enforce access and use policies from a central console.

Cloud, for all its benefits, falls short in several areas. One of them is the lack of consistent access, especially when internet access is unavailable. Another is the general mistrust of WiFi.

With an encrypted USB drive, WiFi or not, users can rest easy that their data is protected and available and, if the drive is lost, be confident that no one will have access to the encrypted files.

Security policies

A common practice is for organisations to simply shut down all USB ports, potentially limiting the productivity of an increasingly mobile workforce. Encrypted USBs such as the IronKey allow organisations to be secure without affecting efficiency.

A USB drive security standard should be part of an overall corporate security policy. Without this, USB drives can potentially be the downfall of any data security strategy. An encrypted USB can complement existing endpoint security at the device level of data loss prevention (DLP).
