Using and Promoting Encrypted USB Flash Drives in Your Organization

Tips to help your organization keep confidential information confidential and comply with regulations such as the EU’s GDPR and New York’s NYDFS.

Build an Encrypted USB Plan: Protect & Comply

  • The best time to develop an encrypted USB plan is before you need to prove you had one: incorporate encrypted USB Flash drives and policies into your organization’s overall security strategy.
  • Institute encrypted USB or external drive best practices alongside the issue of an employee badge and/or company laptop, as a standard part of policy and orientation.
  • Have a contingency plan in place for recovering lost drives.

If you don’t have a plan in place for encrypted USBs or external drives and guidelines for their usage, you have nothing to build on and your organization is at risk at every level, including failure to comply with regulations. Data loss and data breaches have only grown more expensive for companies as threat actors’ efforts have grown more sophisticated. A cybersecurity study in 2021 found that the average cost of a data breach globally was US$4.24 million. That was a 10% increase over the cost in 2020. Avoid facing these costs by devising and sticking to a practical plan for data security, one which avoids BadUSB attacks by using only approved, encrypted USBs or external drives.

Identify the Best USB Flash Drives for Your Organization

Select the correct USB Flash drive to fit your organization’s needs. Recommended actions would be to:

  • Determine the reliability and integrity of USBs or external drives by confirming compliance with leading security standards, e.g. AES 256 Encryption, FIPS 197 or FIPS 140-2 Level 3. Kingston provides customized options for businesses that have special requirements.
  • Understand the many options available that balance corporate needs for cost, security, and productivity. Ensure you have the right level of data security for the right price. If you don’t need military-grade encryption or casing, don’t pay for it.
  • Work with your purchasing department if you need to, and get support from executive management.

Without the appropriate research, your initiatives may be more challenging to implement and difficult to justify. Simple analysis of what your organization needs and knowing there’s a range of easy-to-use, cost-effective, encrypted USB or external drive solutions can go a long way toward enabling both your organization and your end users to get a handle on the issue, thereby managing risks and reducing costs.

Train and Educate

Establish a training program that educates employees on acceptable and unacceptable use of USB Flash and external drives and Bring Your Own Device (BYOD) policies.

  • Walk users through actual breach incidents and other negative consequences that occur when using non-encrypted USBs and external drives.
  • Get HR and senior management involved to support your data security initiatives. All new and current employees should be trained as part of the company orientation and ongoing training for policy standards.
  • Create a trade-in program. Engage employees by having them trade in their personal USBs, or those acquired at trade shows etc. that they use for business or as storage devices, for company-authorized USB and external drives.

If you don’t train and educate end users on the risks, you don’t have a tightly sealed data leak prevention strategy, and you’ll leave yourself prone to breaches. A Ponemon USB security study found that 72% of employees use free Flash drives from conferences, trade shows, business meetings, etc., even in organizations offering ‘approved’ USB options.

Establish and Enforce Policies

Institute policies for the proper use of electronic portable storage media, including USB Flash drives. Start by:

  • Identifying the individuals and groups who need to access and/or download sensitive and confidential data on encrypted USB and external drives, and setting a policy that allows them access.
  • Documenting policies for IT teams and end users.
  • Mandating that all employees attend training and sign an agreement post-training so they understand the acceptable use policies and the implications of not following guidelines.

If you don’t have the right policies in place for all to follow, USB and external drives can potentially be the downfall of your data security strategy. Setting a policy is the first step, and a highly important one. The Ponemon study also found that nearly 50% of organizations confirmed that they had lost devices carrying sensitive or confidential information in the 24 months prior to being surveyed.

Provide Company-Approved USB and External Drives

Provide employees with approved, encrypted USB Flash drives for use in the workplace. Approved Flash drives should have the following features:

  • Proven hardware-based encryption using Advanced Encryption Standard (AES) 256-bit encryption in XTS mode. Hardware-based security provides portability and superior encryption over software-based solutions. Software-based solutions are known as “removable encryption”: format the USB or external drive and it becomes a storage drive with no encryption, waiting for a breach. Hardware-based encryption should be always-on, never removable.
  • User storage space should be 100% encrypted, with no non-secured storage space.
  • Hardware-based password authentication that limits the number of consecutive wrong password attempts by locking the device when the maximum number of wrong attempts is reached. This is called Brute Force attack protection. Software-encrypted drives do not offer such protections and can be successfully attacked by programmatic password-guessing software.
  • FIPS standards equivalent to or greater than your industry or company’s requirements (FIPS 197 and/or FIPS 140-2 Level 3). FIPS 197 is your guarantee that AES 256-bit encryption with XTS mode has been properly implemented, while FIPS 140-2 Level 3 adds strong anti-tampering protections as well. Don’t rely on any hardware solutions without at least FIPS 197 certification.

If you don’t provide encrypted USBs and implement policies that allow end users to be productive, employees will, out of necessity, usually find a way to circumvent these security systems.

Encrypt Confidential Data

To ensure that your data is safe, it should be encrypted before being sent out via email or saved on removable storage devices.

For organizations in which confidential or sensitive data is part of the business, such as financial, healthcare, government, etc., encryption is the most trustworthy means of protection. Following these principles will offer a measure of protection against penalties and/or lawsuits related to data loss disclosures following new regulations.

If you don’t encrypt data before it’s saved on USB or external drives, hackers can bypass your antivirus, firewall, or other controls. That data is vulnerable. The Kingston IronKey™ S1000 Encrypted USB Flash drive features an on-device Cryptochip, providing a best-in-class and ultimate layer of hardware security.

The Kingston IronKey Vault Privacy 80ES is an external SSD with always-on hardware encryption that is FIPS 197 certified. It comes with an innovative touch screen for entering a PIN or a password of up to 64 characters. It provides high-capacity storage with reliable, trustworthy encryption protection.

Kingston IronKey encrypted drives offer high levels of data protection and have been used by individuals, small and medium businesses and enterprises as well as government customers for decades. Kingston IronKey drives are trusted solutions worldwide for data protection.

  • 100% compliant encrypted USB data storage
  • Simple, easy to use, no software or driver installation needed
  • Designed for quick and efficient deployment
