Why the Encrypted Flash Drive Should Be Important to Your Organization

Some organizations still allow employees to use a non-encrypted flash drive to store or transfer records. This is a little like playing Russian roulette. Every day, USB flash drives are found in a wide variety of places: dry cleaners, restaurants, airports, and taxi cabs. A recent study found that in New York and London, over 12,500 portable devices (flash drives, laptops, iPods, cell phones) are left in taxi cabs every six months! It is not the cost of replacing the lost flash drive that should be important to organizations; it is the accompanying costs:
- Detection and escalation time by employee
- Forensics and investigation time by IT staff
- Data Breach cost
- Lost intellectual property
- Lost productivity
- Other legal or regulatory costs of the data breach to the organization
“Protection of the sensitive data on the computer is critical. Not surprisingly, lost or stolen laptops are costly to organizations. But it’s not the replacement cost that should have companies concerned. Rather, it is the data and the risk of a data breach that can have serious financial implications for companies. The cost of a data breach represents 80% of the total cost of a lost laptop compared to 2% for replacing the computer. Encryption on average can reduce the cost of a lost laptop by more than $20,000.”

If the direct cost of data loss is not convincing enough for organizations to use encrypted flash drives, government regulations are working to enforce it in many cases:
- Nearly every state has implemented data breach reporting laws and penalties that range from $250 to $750 per record of personally identifiable information that is lost
- Some states are beginning to enforce the use of encryption and storage of personal information
- The European Union and Canada have implemented serious mandates for transmission of personal information, especially in regard to employees
- The Federal Government’s new HITECH Act further strengthens existing HIPAA regulations on ensuring that portable data uses proper encryption security processes; otherwise the healthcare institution or partner risks up to $1.5 million in fines per violation
- The Federal Information Security Act (FISMA) of 2002 established broad security requirements for U.S. Federal Government agencies and contractors, and OMB Memorandum M-06-16 requires that agencies encrypt all data on mobile devices unless the agency has determined that data to be non-sensitive. FIPS 140-2 establishes cryptographic requirements and security levels for encrypting data.
- The FTC will be implementing Red Flag Rules for financial institutions, which enforce steps that will prevent identity theft
- Policies that mandate the use of encrypted flash drives. These ensure that if a drive is lost, nobody can access the data since it will have been encrypted.
- Use of port management software. This ensures that the encrypted drives are the only flash drives that are permitted to be used on the organization’s computers.