The ‘humble’ USB is back in business
Jon Fielding, Managing Director EMEA, Apricorn, explains why USB is returning to popularity, in his latest exclusive with Business Chief.
Cyber-criminals are fundamentally lazy. Given the chance, they will always go for the low-hanging fruit: the path of least resistance. Most cyber-attacks are not carried out using sophisticated techniques, but by exploiting simple weaknesses such as out-of-date software, or phishing employees who haven’t been educated in good security hygiene.
Data is particularly vulnerable to attack when it’s moved outside of the organisation’s central systems. A survey carried out this year by Apricorn found that 29 per cent of organisations have suffered a data breach or loss as a direct result of employees’ mobile working. Nearly a quarter admitted they couldn’t be certain their data was adequately secured in remote working environments.
Step forward an old friend from the nineties and noughties: the USB storage device. This might seem like an old-fashioned way to do business now we can store pretty much unlimited volumes of data in the cloud, and access corporate information from wherever we are. But used as part of a multi-layered cybersecurity approach that centres around encryption, highly secure portable storage drives provide a practical way to safely store and transfer large amounts of sensitive data. Moving data physically and offline avoids the possibility that it might be targeted in the cloud, for example.
The GDPR wake-up call
GDPR began to bare its teeth this summer, with the Information Commissioner’s Office (ICO) hitting British Airways and the Marriott hotel group with hefty fines. This had a ripple effect on businesses. Cybersecurity has become a firm fixture on the agenda at board meetings, and organisations have recognised the urgent need to invest properly in data protection. In a recent survey carried out by Clearswift, 32 per cent of enterprise financial organisations in the UK cited the penalties levied against BA and Marriott as the main reason for increased board level involvement and IT security spend.
The enhanced awareness of the need for a stronger security posture has driven organisations to change the way they treat sensitive and personal data, with a focus on the end-to-end encryption of information when it’s being stored and moved.
The last line of defence
A process that transforms data so that it is unreadable by anyone without authorised access, encryption is specifically recommended in Article 32 of GDPR as a means to protect personal data. Two thirds of organisations now hardware-encrypt all information as standard – up from just half last year, according to Apricorn’s survey. There’s also a high level of awareness of the risk of not doing so: lack of encryption is behind 27 per cent of all data breaches, according to IT decision makers. Hardware encryption is seen as the gold standard. This offers much greater security than software encryption, and is particularly appropriate for highly regulated sectors such as defence, finance, government and healthcare.
By using portable hard drives and USBs with in-built encryption capability, businesses can extend this last line of defence outside of the organisation. All data is automatically hardware encrypted as an employee uploads it, locking it down so that even if a device is lost or stolen the information on it will be completely inaccessible. The human risk is eliminated, because responsibility for encrypting data is taken out of the user’s hands.
The need to enforce – and reinforce
Mandating the use of encrypted storage devices is not a silver bullet on its own. This approach must be bolstered with clear policies and processes that set out how devices are to be used, and how employees are expected to behave when they work remotely. These policies should then be enforced at a technical level, by blocking access to USB ports from all non-approved devices.
Protecting data from loss or theft is everyone’s responsibility – and senior teams need to lead by example and build a culture of accountability and compliance across the whole organisation. In addition to training employees in good cybersecurity practice, this means educating them in the specific risks and legislation that apply to the business, how to be a responsible information owner, and the consequences of failing to follow procedure.
Cyber-risk in business will continue to escalate, and the number of successful data breaches will rise. There’s a plethora of high-tech sophisticated security solutions and tools on the market, and these should certainly be investigated. But there’s also merit in taking a leaf out of the cyber-criminals’ book: reverting to basics and taking a straightforward approach to safeguarding the organisation’s data.
Integrating brand new, untested technologies can easily introduce more complexity and risk to an already challenging operational environment, and make it harder for employees to follow security policies. That’s why, backed up by policies and education, business hardware such as USBs has a new and valuable role to play in an organisation’s cybersecurity defences.