Encrypted Flash Drive

Why the Encrypted Flash Drive Should Be Important to Your Organization

Some organizations still allow employees to use an unencrypted flash drive to store or transfer records. This is a little like playing Russian roulette. Every day, USB flash drives are found in a wide variety of places: dry cleaners, restaurants, airports, and taxi cabs. A recent study found that in New York and London, over 12,500 portable devices (flash drives, laptops, iPods, cell phones) are left in taxi cabs every six months! It is not the cost of replacing the lost flash drive that should be important to organizations; it’s the accompanying costs:
  • Detection and escalation time by employee
  • Forensics and investigation time by IT staff
  • Data Breach cost
  • Lost intellectual property
  • Lost productivity
  • Other legal or regulatory costs of the data breach to the organization
A 2009 study by the Ponemon Institute found the following:

“Protection of the sensitive data on the computer is critical. Not surprisingly, lost or stolen laptops are costly to organizations. But it’s not the replacement cost that should have companies concerned. Rather, it is the data and the risk of a data breach that can have serious financial implications for companies. The cost of a data breach represents 80% of the total cost of a lost laptop compared to 2% for replacing the computer. Encryption on average can reduce the cost of a lost laptop by more than $20,000.”

If the direct cost of data loss is not convincing enough for organizations to use encrypted flash drives, government regulations are working to enforce it in many cases:
  • Nearly every state has implemented data breach reporting laws and penalties that range from $250 to $750 per record of personally identifiable information that is lost
  • Some states are beginning to enforce the use of encryption and storage of personal information
  • The European Union and Canada have implemented serious mandates for transmission of personal information, especially in regard to employees
  • The Federal Government’s new HITECH Act further strengthens existing HIPAA regulations by requiring that portable data be protected with proper encryption security processes; otherwise the healthcare institution or partner risks up to $1.5 million in fines per violation
  • The Federal Information Security Act (FISMA) of 2002 established broad security requirements for U.S. Federal Government agencies and contractors, and OMB Memorandum M-06-16 requires that agencies encrypt all data on mobile devices unless the agency has determined that data to be non-sensitive. FIPS 140-2 establishes cryptographic requirements and security levels for encrypting data.
  • The FTC will be implementing Red Flag Rules for financial institutions, which enforce steps that will prevent identity theft
Protecting an organization from both the internal costs of lost data and the liability of regulatory fines is quite simple when it comes to flash drives: enforce the use of encrypted flash drives in the organization. This can be done by implementing two things within the organization:
  1. Policies that mandate the use of encrypted flash drives. These ensure that if a drive is lost, nobody can access the data since it will have been encrypted.
  2. Use of port management software. This ensures that the encrypted drives are the only flash drives that are permitted to be used on the organization's computers.
Many people think that using encrypted flash drives means a loss of convenience, where the drives might require software updates and the files are not always visible on computers away from the network or those that use a different operating system. Although this is often the trade-off with using encrypted flash drives, it does not have to be the case: organizations can actually have the convenience AND the security of encrypted flash drives. The LOK-IT Secure Flash Drive encrypts all data stored on the drive and can be used on any computer that has a USB port.