Articles – From the horse’s mouth
I have had a look at the Kingston press release about the security of data held on USB flash drives and found that it was based on a Ponemon Institute study commissioned by Kingston. The main factor that I had observed was that the survey was based on data that represented the “big end of town” – the larger companies and government departments who typically handle a lot of high-stakes company and customer data.
Here I still find that small businesses and individuals are as at risk from removable-media data theft as are larger organisations. Most of these users would consider secure data storage as storing the confidential data on a USB memory key or external hard disk rather than on the computer’s hard disk. Here, they would keep that memory key or external hard disk locked in a desk drawer, filing cabinet or safe when the data is not needed. If the data isn’t changed or viewed often, like a valuables inventory, the USB memory key or external hard disk may be kept at a bank’s safe-deposit facility.
As well, the typical USB memory key can be attached to one’s keyring that has their house, car and business keys on it and a lot of these users may take advantage of the fact. These key rings are often at risk of loss due to absent-mindedness that can be common amongst us or theft as has been known to happen in the UK and Europe where houses have been broken into in order to steal the keys for powerful or expensive cars that are parked at these houses.
Of course, it is not just government and big business who handle or are responsible for “high-stakes” ultra-confidential data. Small businesses and individuals can also handle this kind of data, whether they provide services to these entities or not.
For example, I had provided technology assistance to a “one-person” business who valued fine art, antiques and collectables. This involved the handling of data relating to the collectable items and who owned the collectable items, as I commissioned newly-bought computers or trained her in computing techniques.
As well, individuals may need to keep copies of information pertaining to personal medical and legal issues where there is a strong emotional link. This information may be considered of high value where it concerns individuals who are in the “public eye” and the tabloid media are hungry for any bit of information about these individuals in order to run that exclusive “scoop”.
A common reality that this “enterprise-focused” article misses is that the typical small-business owner or personal user chooses and purchases their own computer hardware from retail. This is compared to larger organisations who maintain a dedicated IT team who is responsible for purchasing and maintaining the computer and communications technology for that organisation.
For this class of user, I would recommend that they use removable storage that is made by respected brands like Kingston, Verbatim, Sony or SanDisk. It may be worth knowing that some of the good retailers may resell these good brands under their own labels, usually in the premium end of those labels.
I would also recommend that you investigate the use of security-enabled encrypted USB memory keys. Here, I would look for those units that have continual software support from the vendor. This is important if you change your computing platform like what Apple hopes use do or move to newer versions of our current operating systems.
As well, you should make sure that you have good desktop security software on your computer. You could even get by with free programs like AVG or Microsoft Security Essentials. Even Macintosh users should make sure they run good anti-malware software on these computers especially as software threats are targeting this platform as well.
It is also worth making use of strong passwords or other data-locking options that the operating system or USB security software may provide for the confidential data. This may work in conjunction with the common practice of keeping the removable media under lock and key such as in a locked filing cabinet or safe.
What I fear is that a lot of press concerning data security tends to be focused at the big end of town and smaller users tend to be forgotten about. As well, a lot of the good-quality data-security options are often designed and priced out of the range of the small business operator or consumer even though there is a need for this level of data security amongst some of this class of user.