How many of us have not at one time or another misplaced a USB drive? Or maybe forgotten it plugged into a computer after a presentation? It is after all just a small device and in the continued rush of our everyday lives, it is easy to overlook such details. What happens however when it’s a company USB thumb drive? And what if it just happens to have the security details of one of the world’s biggest airport hubs on it? That is how the nightmares of the 21st century begin.
A USB drive containing highly sensitive data pertaining to London’s International Heathrow Airport, was recently found plugged into a public library computer. The data on it, amounting to 2.5 GB of information, included maps with the location of every CCTV camera in the airport, routes and security protection measures for the Queen, Cabinet ministers and visiting foreign dignitaries. The files were all unencrypted. Luckily, the man who found the USB stick decided to turn it in to a reporter from the Sunday Mirror, instead of posting the information online or seeking financial gain from its sale.
While airport officials and the London Metropolitan Police are currently looking into how such sensitive data could have left Heathrow’s offices to begin with, the incident has sparked worries over the security of the airport at a time when the United Kingdom is still under a severe-level threat alert after the bombing of a train at the Parsons Green Underground Station earlier this year in September.
The story made headlines as a possible disastrous security breach that was narrowly avoided. It is incidents such as these that show the paramount importance encryption has gained in the field of data protection. After all, no matter how many USBs are misplaced or stolen or how many employees with malicious intentions attempt to smuggle sensitive data out of the organization without his employer’s knowledge, that data becomes useless if it is encrypted and the person trying to access it does not have the appropriate key.
While some have deemed hard drive encryption cumbersome and disruptive to employees’ efficiency in dealing with day to day tasks, USB encryption does not hamper productivity in any way. Solutions such as Endpoint Protector, offer automatic deployment of Enforced Encryption to any USBs connected to company endpoints, ensuring that no data leaving the network is unencrypted. In this way, companies need not rely only on employees remembering to install an encryption solution on their USBs, but can make it a network-wide automatic rule. When users copy data onto USBs with Enforced Encryption, the files are automatically encrypted and the user is prompted to set a password for later access.
Even better, a cross-platform solution like Endpoint Protector offers USB encryption not only for PCs running Windows, but also Macs. Additional features allow for file tracing that ensures that administrators know what kind of data has been transferred outside the network onto USBs at all times. They also have the option of changing the policy for the USB thumb drive in order to block user access to the encrypted information.
In today’s increasingly portable world, it is essential that companies take measures to protect themselves from incidents that can result not only in data breaches or the loss of reputation, but that can make them vulnerable to criminal intent, industrial espionage or non-compliance with new data protection regulations such as GDPR, HIPAA, NIST etc. USB encryption is an easy first step towards better data security m/anagement, but a complete Data Loss Prevention approach is preferable, when both data at rest and in motion is secure from leaks or misappropriation.
While such incidents as those suffered by Heathrow International Airport can still be classified as accidents, once the GDPR comes into full force next spring, companies and organizations in Europe will be held accountable for their sensitive data’s security in the eyes of the law and negligence will no longer be tolerated, but will come at a high financial cost.
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.