Age 85 Blog

How to Avoid Data Breaches by Securing USB Drives

data breachWith the use of USB at mass level to store data, it is more important than ever before to establish strong policies to protect data. According to a research, companies do not focus much on the security of their USB drives. Businessmen are found to distribute data through USBs without the clearance by their IT department. Only a negligible numbers of business heads are known to keep the records of the number of USBs used in their business activities. Companies think that the real security threat to their data is from the hackers and other external powers. But, the biggest threat to their data is from their own employees. Workers transfer delicate data like financial information of the business, information about clients, marketing strategies or tender information at a large volume that can result in a data breach intentionally or unintentionally. (Read more at on how to mitigate data breach damage)

When companies establish a policy regarding data security, these policies should be communicated from the highest level of the hierarchy to the lowest level. Companies should make their employees understand the policies and emphasize to follow those guidelines. Employees ought to answer their superior in order of any policy violation. The company must Mandate a strict policy for employees, highlighting that no employees that no personal storage devices to be connected to the machines that are operational for business purposes. Personal data storing devices can infect the company's computers or network systems. All the USB devices or other portable devices should be checked carefully by the IT department. Only those portable devices should be connected to the systems that have been authorized by the IT department. It will be helpful if these portable devices are scanned or a regular basis.

All the data that is saved in USB should be encrypted using 256-bit-AES Standards. Encryption gives an extra layer of security to the data. Data can be encrypted to Hardware or software encryption. However, it is recommended to use hardware encryption as it is more reliable. Data encryption prevents data from being lost.

Every piece of information that you save in a USB should have a back up too. If the data gets damaged, it can be recovered from that back up. If an ex-employee still has the possession of a USB that has been used for business purpose, he may breach data through it.

But, the basic policy that company can establish to instruct their employees to keep data security software for their USBs like USB Secure. This type of software can provide complete security to the company's data without any complexity.

Data breaches may lead to privacy violations and identity theft

Since the seminal data breach by data warehouser ChoicePoint six years ago, regulators, businesses and consumers have increased their awareness and reaction to organizations that mishandle sensitive consumer information. In early 2005, California was the only state that had a breach notification law. ChoicePoint allowed information on approximately 150,000 consumers to be accessed fraudulently. When ChoicePoint only notified California victims of the breach, a precursor to identity theft, victims and regulators reacted.

Since 2005, 46 states and three territories have enacted data breach laws. Only Alabama, Kentucky, New Mexico and South Dakota have not. Each state law is different making compliance onerous for any organization that has security breach where the victims reside in multiple states.

Since the ChoicePoint incident, over a half billion profiles have been compromised in 2,500 reported incidents. Some Americans have been victimized by security breaches multiple times, for example, by their schools, local, state or federal government, a retailer, financial institution or their favor charity. Some organizations have had multiple breaches. A third of the 2,500 reported breaches by organizations could not quantify how much information was accessed, lost, stolen or improperly disposed.

Most organizations haven't inventoried the consumer information they possess, and they don't have a method in place to detect a breach. Others that are aware of a breach in their organization either don't know they are suppose to report the breache or they choose not to for fear of retribution by consumers and regulators.

The common misconception that "data breach" or "information security" means computerized data also results in the lack of reporting. A breach of information can occur when sensitive consumer information is compromised regardless of its form.

The negative consequences of most information security breaches appear nil. Nonetheless, some have been significant, and others are unknown. Once consumer information gets into the hands of wrongdoers, it can be used nefariously to violate privacy and commit identity theft.

Consumers should ask questions of organizations that request their personally identifiable information such as their Social Security number and credit card numbers. Asking why an organization needs a Social Security number and other information is appropriate, including asking what are they going to do with it and how are they going to protect the information. 

There are three major historical databases of information security breaches: The Open Security Foundation Data Loss database, The Privacy Rights Clearinghouse Chronology of Data Breaches and the Identity Theft Resource Center's data breach compilation. Each of these are listed in this Examiner's Preferred Links, a resource listing that appears on the bottom of the right column of this Webpage.

As a new feature to this column,"occasionally, we will be chronicling selected data breaches as they are reported."


Posted Tue 03 January 2017 by Adriene in Finance