How to secure mobile data on USB drives for SMBs

Even if no actual harm comes from the mislaid data, the mere fact that unsecured data has been put at risk can lead to substantial fines and penalties. And these dangers and penalties apply to companies of all sizes, even small-midsized businesses (SMBs) that may not have the IT resources to devote to complex security measures.

While there's no easy way to prevent these small but multi-gigabyte-bearing items from going astray, there are easy -- and affordable -- ways ensure that employees secure sensitive data before it leaves the premises.

Here are some tips for securing data on mobile media:

Tip 1: Understand what sensitive data is, and why it needs to be protected:.

• What constitutes sensitive data can range from personal employee or customer information, to company trade secrets, customer contact/sales databases, product pricing and other competitive data.
• Why does it need to be protected? Regulations, such as Sarbanes Oxley, HIPAA and other industry/government compliance rules dictate that certain data be properly maintained; a breach or any other form of non-compliance may entail significant financial penalties. The potential impact of data loss to company productivity, finances, reputation and so forth, should also be considered.

Tip 2: Identify what data your employees want to carry, and why:

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT SMB storage tips Low-cost data storage replication options for SMBs Data migration strategies and best practices Five must-have data storage security tools for smaller businesses Data reduction strategies for SMBs Data migration strategies for multivendor storage systems Optimizing RAID data storage for your business Data backup and recovery choices for SMBs Virtual desktop infrastructure deployments: The pros and cons of VDI Data storage for virtual environments: Pros and cons of DAS, NAS and SAN The state of RAID data protection in enterprise storage today Small-midsized Business Backup SMB data storage briefs: Thecus Tech Corp. launches new NAS server, the N8800PRO Low-cost data storage replication options for SMBs SMB data storage news briefs: Vocalocity offers online storage and data backup services to SMBs Data reduction strategies for SMBs Iomega launches ix2-200 NAS desktop backup appliance with replication and iSCSI support Data backup and recovery choices for SMBs SMB data storage technology tutorials: Storage advice for smaller businesses What are the pros and cons of disk-based data backup for SMBs? GreenBytes launches data deduplication for primary and secondary data storage Low-cost data replication products address SMB restore needs

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

>

• You should determine who (employee, contractor, customer, prospect, etc.) wants to carry data offsite, how much, to where and when. How much sensitive data is involved? Who will need access to this data? Will they need to work offline (e.g., on a plane)?
• Will employees only be carrying copies of data from the office, or also creating or capturing new data that should also be protected?
• How much auditing or control do you want regarding USB flash drive use, e.g., what files are downloaded, remote password reset, remote "kill" (delete data)?
• How much security management is your company's IT staff prepared to do? How much are you prepared to budget for them, or for third-party services?

Tips 3 & 4: Create a policy regarding out-of-office data and select products to implement it:

These two steps need to be done together, since the policies put in place will determine which products to consider. The products you select also may define/constrain the policies you can mandate.

• Create a "data out-of-office" policy, including what data is/isn't allowed to leave the premises and procedures for reporting a lost/missing drive.
• Decide who will be responsible for provisioning devices; e.g., will the company buy and provide all devices? Are users allowed to use their own USB drives to carry company data? May users put personal files on company USB drives?
• Publicize these policies -- post on bulletin boards and require that each employee sign a copy for their personnel file, before being given a company flash drive.

Tip 5: Test and train.

Make sure employees know how to secure and access data -- have training sessions.

Be sure to try the "limited number of password tries" software so you know how it works (using a copy of test data).

Flash drive and software vendors offer data security solutions for SMBs

Vendors offering secure USB flash drives include IronKey, Kingston Technology Corp., SanDisk Corp. and Verbatim. Some are whole-drive-secured; others allow a private (secured) and public (unsecured) partition. Other features may include rugged design and tamper-proof hardware; remote manageability and management/logging software and/or compatibility with third-party tools; FIPS 140-2 certified versions; and/or managed services for password backup, device management, etc.

Software products are also available, some of which may also handle media cards, external hard drives and even CD/DVD optical disks.

Software vendors offering the ability to do file/folder, public/private partition and/or full-device encryption include PGP Corp. and RSA Security. Open-Source encryption tools include TrueCrypt and Toucan. Security software is also available for U3 SmartDrive USB flash drives. GFI EndPointSecurity is an example of endpoint management software for USB flash drives and other devices.

The most important thing any SMB can do to protect its sensitive data is to ensure that the selected product is actually used. This requires employee education and some degree of enforcement. Make sure that you have central copies of passwords, especially if new data is being collected out of the office.

Daniel P. Dern is an independent technology writer. He can be reached at dern@pair.com. His web site is www.dern.com and his technology blog is Trying Technology.

Do you have comments on this tip? Let us know. Please let others know how useful this tip was via the rating scale below.

Do you know a helpful storage tip, timesaver or workaround? Email the editors to talk about writing for SearchSMBStorage.com.

Rate this Tip To rate tips, you must be a member of SearchSMBStorage.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.