It is increasingly common to hear of someone in the news losing customer information on a company laptop or memory stick. This article looks at hardware and software options for USB flash security that firms and individuals should be considering.
USB drives are great for their portability and ability to store huge volumes of data that would have previously gone on hundreds of floppy disks. Securing this data without impeding the portability of the information is crucial to protecting the financial information, source code, employee data and other information that these USB drives invariably carry.
Securing USB data can be done using a software or hardware approach.
The software approach involves installing an application (e.g. FreeOTFE or TrueCrypt) on the drive that encrypts information as it is being stored. The data is only as secure as the algorithm that the software makers use combined with the complexity of the password used. If the device is lost then hackers may be able to read the memory and the data but it should be near impossible to decipher.
The more costly approach to USB flash security is to use hardware encryption in specially designed USB drives. Hardware encryption is widely used to fix computer security issues by transparently encrypting data as it is being stored to memory. Users can provide and additional password that is used with the hardware’s own encryption.
Note that if the password is lost in either option then the data cannot be recovered. The hardware approach protects companies from using weak passwords, but software that uses strong cryptography algorithms should still provide a high level of security even in the case of weak passwords being used.
Employees should follow the USB flash security policy of their firm, which may actually preclude the use of USB sticks, and home users should make password protecting USB data as important as backing up the drives contents.