USB flash drives are everywhere. More than five billion of the devices are sold globally every year, generating $64.24 billion in revenue. While they are incredibly convenient, they are also a bane for corporate I.T. executives, as these ubiquitous little flash drives carry with them huge data security risks.
Consider the 2018 Heathrow breach, when an employee at London’s Heathrow Airport lost an unencrypted USB flash drive that contained 76 folders and more than 1,000 confidential files. Included on the USB flash drive were the names, birthdates, and passport numbers of more than 50 aviation security staff.
The flash drive was later found by a man on a West London street, who viewed its contents at a local library. Along with the aforementioned security staff information, the flash drive also contained:
- A timetable of patrols that was used to guard the site against suicide bombers and terror attacks,
- Routes and safeguards for Cabinet ministers and foreign dignitaries, and
- The exact route the Queen took when using the airport and security measures used to protect her.
Although Heathrow was hit with a £120,000 fine by regulators, the damage could have been much worse.
The Heathrow breach is not an isolated incident. For instance, in 2008, an administrator in Texas’ Harris County Hospital District downloaded medical and financial records for 1,200 patients with HIV, AIDS, and other medical conditions onto an unencrypted USB flash drive so that she could work on a project at home. The flash drive was then lost or stolen, resulting in one of the largest HIPAA violations in U.S. healthcare history, as the flash drive included patient names, birthdates, and Medicare/Medicaid numbers.
But Your Employees are Smarter Than This, Right?
So, if you think your employees know enough to use encrypted USB flash drives, then a recent survey of U.S. companies might cause you to think twice.
Among the survey’s results were these two disturbing findings:
- While 91% of survey respondents said they knew the importance of using encrypted USB flash drives, only 42% said they actually did.
- Nearly half (48%) of employees lost USB drives without notifying appropriate authorities about the incident.
Arguably, USB flash drives are the weakest link in the data security chain, and with so many employees now working from home, the problem is only growing more dire. While mandating the use of encrypted USB flash drives is a place to start, it is simply not enough.
Next-Generation USB Flash Drives
To reduce the likelihood of data breaches, stronger safeguards need to be implemented through the use of next-generation USB flash drives that prevent unauthorized users from transferring data to and from the drives.
Coupled with secure USB connectors, these next-generation flash drives allow organizations to apply authentication software, such as security tokens, to ensure sensitive information is not compromised.
Sound expensive? It’s not. The cost of one of these USB flash drives is less than $50, and when considering the cost of the Heathrow fine or the exposure of 1,200 patient records, it seems like the smartest investment most organizations can make all year.