Data protection and cyber-security: Harnessing the power of write protected USB drives, Greg Morris, CEO of Nexcopy Incorporated based in Southern California, looks at the opportunities for enterprises surrounding read-only USB technology.
November 18, 2020
The world is a global digital economy more than ever before and that move includes the digitization of intellectual property and assets which are shared between customers and clients. The cases of sophisticated data breaches, hacking and cyber crimes target individuals, government entities and private corporations. These attacks have grown by leaps and bounds in the last ten years. According to one report published from a securities website, an enterprise may suffer an average loss of $3.92 million as a result of data intrusion and hacking.
Cyber threats and risks are becoming more severe as IP is increasingly stored in digital format. As such, keeping the digital data, especially confidential data, away from cyber criminals is imperative and should be a primary concern for IT managers and professionals. Without a data protection strategy, an enterprise is unwittingly providing an entry point for cyber criminals to obtain valuable information, which could be worth millions of dollars.
Cyber-security and endpoint data loss protection are key strategies in keeping digital attacks at bay. Strategies which encompass all aspects of data entry points is critical, from the mass storage physical devices like USB flash drives, to network connectivity with cloud storage and network communications.
With this in mind, having efficient and easy to use storage and memory devices is key to enterprise employees adhering to security protocols and at the same time have an ease-of-use through execution of such protocols. Empowering employees on deciding for themselves when, where and which devices to work with is an underrated component of an overall security strategy, yet incredibly important. With the empowerment given to employees, a management team must still account for, and eliminate, user error or forgetfulness even in the most cautions of protocols and procedures.
The USB flash drive was first introduced to the United States via IBM in the year 2000. Today, twenty years later, the flash drive is still a primary storage device used when sharing information. This is true for government, healthcare, finance, automotive, telecommunication and manufacturing, who still rely heavily on USB storage devices, which, if not secure, can inadvertently lead to leaked personal and private information. Employees use USB drives for faster exchange of information and better collaboration between departments or job positions. Employers should be able to provide the needed data storage devices while also ensuring a no-fault security system is in place to protect the company’s intellectual property and the company’s network infrastructure.
For example, in the healthcare sector, it is common practice among doctors to use mobile data storage devices to transfer data easily from a doctor’s office to say that of a hospital. Each location holds sensitive data with patient records and it’s equally important those locations are safe from hacker intrusion. When transferring data between one location and another via a USB flash drive, it is important that device remains secure. The responsibility of digital security falls on the IT professional who manages these digital networks, but also responsibility is held by the user of those technologies.
In order for a virus to spread between locations via a storage device, like a USB flash drive, implys the USB must carry the virus or malicious code from one location to the next. However; these devices cannot get infected if the USB is a read-only device. Meaning the device cannot add new digital content, digital files or malicious code if the USB is not allowed to write data into memory. After the drive is connected and the network scans the device for malicious code the user has access to the drive, at which point a secure password can be entered to unlock the read-only flash drive and make it read/write. The USB drive is always write protected when first connected to any digital device, it is impossible for a virus to jump onto the drive without the user knowing. Only when the user knows the device and environment is safe from hacking, can the password be entered to access the USB drive as a read/write device to transfer files from one location to another.
This type of USB flash drive is called a Lock License drive.
The unique thing about this Lock License flash drive, is the write protection is always enabled whenever the USB is disconnected from the computer. Meaning, the default status of the drive is read-only when connected to any device. When the storage device is reconnected to any computer, it is read-only and files cannot get onto the drive until a password is entered. However, the user experience is very nice and easy because files can always be copied off the drive, without a password. The user gets the full benefit of ease-of-use which a USB flash drive is so well known for, without the hassle and worry of the storage device being exposed to malicious software for data breaches or hacking.
The same caution must be observed with systems-control applications. System Control products are hardware based products which use firmware to run the mechanical product. The hardware are things such as turbine controls for water and power facilities, large pumps for water work facilities or motors to capture wind generated energy. These products are the back-bone of American infrastructure and must be secure at all times. A typical encrypted flash drive doesn’t work to update the firmware of these types of products because the system-control products do not have a user interface to enter passwords. However; a read-only USB device is valuable because it is secure from spreading a virus to the system control units and at the same time the systems control unit can pull firmware or updates from the USB drive without fear of also getting malicious code. The device is not writable, so malicious software or hacking code cannot embed itself into memory on such update devices.
Investing in data protection and cyber security solutions is the primary function of IT professionals and multiple systems and layers of security steps are required to keep a corporation or enterprise safe and secure. By locking down the most common entry point, a USB port, with read-only USB flash memory products from Nexcopy is a key ingredient to the overall success of a cyber security strategy. When correctly combined with endpoint software management, hardware-based write protected USB storage devices can empower public and private sector enterprises and allow them to gain control of their organization’s devices
Learn more about Nexcopy’s USB write protection for flash memory.Continue Reading