Encrypted USB Drives are Key Component of Impending GDPR Compliance
Author: Hrvoje Jakovac
Date: 16 May 2018
Kingston has been at the forefront of how the new General Data Protection Regulation (GDPR) cybersecurity regulations, effective this month, will affect anyone who processes data of European Union residents. Major corporations and global organizations are reacting to the security threat of removable storage by banning it without realizing the problems this creates. Instead, the use of encrypted USB Flash drives - such as Kingston's IronKey and DataTraveler models - together with standards, policies and guidelines for the use of encrypted USB storage devices, is essential to promoting cybersecurity, maintaining workforce productivity and complying with GDPR.
"We believe that businesses and other entities which ban their employees from using removable storage devices have not conducted sufficient analysis to understand the many ways data flows in and out of an organization," said Richard Kanadjian, encrypted USB business manager, Kingston. "Simply stopping USB usage altogether will not prevent people from exposing or stealing valuable data, but there are readily available solutions to control access to USB ports, USB drives and what data can be copied to them."
The GDPR Impacts Most US Based Organizations
The EU GDPR, to be fully implemented this month, seeks to strengthen data-protection rights for individuals within the EU. It aims to future-proof data protection in the EU and extends to non-EU organizations that process data of EU residents. In case of a data breach, organizations will face fines of up to 4 percent of their annual global revenue or 20 million euros (whichever is greater) and must inform their national supervisory authority.
The average cost of a data breach has increased globally by 23 percent since 2013. The average cost of a data breach for large organizations in the EU is 3.7 million euros and in the U.S. is $7 million.
The Cybersecurity Challenge of Removable Media
Companies that recently announced bans on removable media did so because "the possible financial and reputational damage from misplaced, lost, or misused removable portable storage devices must be minimized." And with the implementation of GDPR this month, there are significant financial incentives to minimize risk.
Blocking or prohibiting employees from using all USB ports sounds like an easy solution; however, it can also restrict their productivity and lower their work efficiency. Today's mobile workforce has legitimate business purposes for using removable media. For instance:
Non-cloud storage: A mobile workforce may not have access to necessary files or the ability to transfer files due to unreliable local "Free Wi-Fi," network permissions or firewalls.
Service Level Agreements (SLA): Servicing systems or helping customers with software deployment requires distributing patches via a USB drive.
Remote data: Field research data collection, from emergency response and scientific to military situations.
Banning the use of USB drives has been done before. Few - if any - have been successful. Most bans were replaced by instituting and adhering to efficient standards / policies that incorporated or mandated the use of encrypted USB drives. These solutions have helped businesses large and small transport their mobile data safely and confidently for years.
The Solution: Encrypted Drives
Encryption is one of the most trustworthy means of protection, especially in cases involving confidential or sensitive data. Encrypted USB drives are security product solutions and an essential pillar of a comprehensive data loss-prevention (DLP) strategy. Experts say companies and organizations must insist employees use only encrypted USB drives, which combine the productivity advantages of allowing USB access with protection of the information onboard. Encrypted USB solutions are designed to protect even the most sensitive data, using the strictest security regulations and protocols.
Encrypted USB drives are powerful tools in closing security gaps. They help ensure security and compliance by offering:
Hardware-based AES 256-bit encryption in XTS mode
Anti-virus / malware protection
Ability to be managed remotely
TAA Compliant / FIPS Certified
Capacities ranging from 4GB to 128GB
Kingston's customization program