Heathrow Airport in London (30 October 2017) uses unencrypted USB drives for its non-cloud storage. Unfortunately, it was not standardized on encrypted USB drives. The failure to implement proper standards in data security / data loss protection with encrypted USB storage has now cost the EU a major breach of confidential and restricted information.
London – An unencrypted USB just gave away confidential and restricted files:
- The drive had 76 folders / 174 documents
- Details of measures used to protect the Queen
- Files disclosed the types of ID needed to access restricted areas
- A timetable of security patrols
- Maps pinpointing CCTV cameras
- One document highlighted recent terror attacks and talked about the type of threat that the airport could face
USB losses like this happen more frequently than expected and are prime examples why implementing an encrypted USB standard/policy should be a top priority; both within your personal habits and most urgently, your organisation.
Take advantage of Kingston’s encrypted USB line, including the renowned IronKey solutions, which covers all business and government requirements. Learn more
What’s important?
Key variables in this regard are the human element and insider threat due to lax standards/policies and a lack of accountability and responsibility. Data, personally identifiable information and confidential information are the main elements in need of the most secure protection.
Encrypted USB, non-cloud storage is a must!
As recent breaches, exposures and compromised assets have shown, most of these incidents occurred due to preventable mistakes. The majority of incidents can be attributed to simple oversight due to a lack of attention or a failure to implement proper standards, policies and procedures.
It is essential to ensure the security and protection of citizen/employee information, ranging from personal information to healthcare and financial information. There is also an urgent need to protect confidential corporate information, national security, defence strategies and intelligence.
Are you the next headline?
2018 regulations: Avoid significant fines and lawsuits from non-compliance
Both EU GDPR and NYDFS - 23 NYCRR 500 call for data encryption:
- Security of data processing standards
- Organisations must encrypt sensitive data both in-transit and at-rest.
- EU GDPR: Encryption of personal data (Article 32, Security of processing)
- NYDFS: Encrypt sensitive data both in transit and at rest. (Section 500.15 Encryption of Nonpublic Information.)
Top 3 requirements
Cloud storage / non-cloud storage
As we know, the cloud is a great solution, but you must also consider the following factors:
- Consistent access – Will you always have Internet access?
- Reliable/secure access – Can you trust “free” Wi-Fi?
- Next cyber-attack – Are you at risk of malware/ransomware?
With an encrypted USB drive (with or without Wi-Fi) you can rest assured that your data is protected and available when you need it. If lost, you have the confidence that no one will have access to the encrypted files.
Compliment your existing endpoint security at the device level
Kingston/IronKey encrypted USBs are the perfect solution to avoid shutting down all USB ports. The last thing you need is to intentionally create an inefficient or non-productive mobile workforce.
Endpoint security can offer many advantages in user and group profile policies.
- Determine who should or should not have access to the USB port
- Issue a company-standard Kingston encrypted USB drive
- Lock in a specific model of USB drive - only one type of encrypted USB drive will work
- Lock out any other device that is plugged in – only the company-issued encrypted USB drive will work
- Allow or restrict files that can be transferred to the encrypted USB drive
- Monitor what files are being transferred and the last time the drive was used
Manage threats and reduce risks
Kingston’s family of encrypted USB drives, including the renowned IronKey solutions, provides multiple levels of security, data protection and risk management features.
- 100% compliant encrypted USB data protection storage
- Hardware-based 256-bit AES encryption in XTS mode
- FIPS 197 and FIPS 140-2 Level 3 "Certified"
Management solutions available
Instantly gain complete and granular control over all of your encrypted USB drives
- SafeConsole - DTVP 3.0 & DT4000G2 Managed
- IronKey EMS - IronKey D300 Managed & IronKey S1000 Enterprise
Learn More
Global Regulation on Encrypted Data Protection:
 |
EU General Data Protection Regulation (EU GDPR) Effective: May 2018Applies to every organization that processes personal data of EU citizens, will take full effect in May 2018. Organizations to implement and ensure a level of security appropriate to the risk, including…encryption of personal data" (Article 32, Security of processing) |
 |
New York Department of Financial Services (NYDFS - 23 NYCRR 500) Effective: February 2018Applies to every organization in New York that processes corporate / personal data. The proposal calls for organizations to encrypt sensitive data both in-transit and at-rest. (Section 500.15 Encryption of Nonpublic Information.) |
