©2011 Kingston Technology Corporation. All rights reserved. All trademarks and registered trademarks are the property of their respective owners. Best.


Best Practices: Using and Promoting Secure USB Flash Drives in Your Organization

Tips to help your organization keep confidential information confidential and comply with regulations

2. Build an Encrypted USB Plan: Protect & Comply

The best time to develop an encrypted USB plan is before you need to prove you had one – incorporate secure USB Flash drives and policies into your organization’s overall security strategy. Have a contingency plan in place for recovering lost drives.

If you don’t have a plan in place for secure USBs and guidelines, you’ve got nothing to build on and your organization is at risk at every level – including failure to comply with regulations. Do a simple Google search on data loss involving non-secured USBs and you’ll see organizations that did not have a solid plan.

3. Identify the Most Suitable USB Flash Drives for Your Organization

Select the correct USB Flash drive that fits your organization’s needs. Recommended actions would be to:

- Determine the reliability and integrity of USBs by confirming compliance with leading security standards and ensuring that there is no malicious code on them.
- Understand the many options available that balance corporate needs for cost, security and productivity.
- Ensure you have the right level of security for the right price. If you don't need military-grade security, don't pay for it.
- Work with your purchasing department if you need to and get the support from executive management.

If you don’t do your homework, your initiatives may be more challenging to implement and difficult to justify. Simple analysis of what your organization needs and knowing there’s a range of easy-to-use, cost-effective, secure USB Flash drive solutions can go a long way toward enabling your organization, and your end users, to get a handle on the issue.

4. Train and Educate

Establish a training program that educates employees on acceptable and unacceptable use of USB Flash drives.

- Walk users through actual breach incidents and other negative consequences that occur when using non-secure USBs.
- Get HR and senior management involved to support your USB security initiatives.
- All new employees should be trained as part of the company introduction.
- Create a trade-in program. Engage employees by having them trade their personal USBs, or those that they use for business or as storage devices that were acquired at trade shows, etc., for company-authorized USB drives.

If you don’t train and educate end users, you don’t have a tightly sealed data leak prevention strategy and you’re more prone to be breached. A recent Ponemon USB security study* found that 72% of employees use free drives from conferences and tradeshows, business meetings, etc. – even in organizations that offer ‘approved’ USB options.

*Ponemon Institute Study

5. Establish and Enforce Policies

Institute policies for the proper use of electronic portable storage media, including USB Flash drives. Start by:

- Identifying those individuals and groups that need access to and/or download sensitive and confidential data on secure USB drives, and set a policy that allows them access.
- Documenting policies for IT teams and end users.
- Mandating that all employees attend training and sign an agreement post-training so they understand the acceptable use policies and the implications of not following guidelines.

If you don’t have the right policies in place for all to follow, USB drives can potentially be the downfall of your data security strategy. Setting a policy is the first step, but it’s an incredibly important one. Underscoring the need to establish and enforce USB policies, the Ponemon study results revealed that nearly 50% of organizations confirmed having lost drives containing sensitive or confidential information in the past 24 months.

6. Provide Company-Approved USBs

Provide employees with approved, encrypted USB Flash drives for use in the workplace. Approved Flash drives should incorporate the following features:

- Proven hardware-based encryption using Advanced Encryption Standard (AES) 256. Hardware-based security provides portability and superior encryption over host-based software encryption.
- User storage space should be 100% encrypted. No non-secured storage space should be provided.
- Hardware-based password authentication that limits the number of consecutive wrong password attempts by locking the device when the maximum number of wrong attempts is reached.

If you don’t provide secure USBs and implement policies that allow end users to be productive, employees usually find a way to work around these security systems out of necessity.

7. Manage Authorized USBs and Block Unapproved Devices

Use device-level management software to manage USB Flash storage devices. Centralized device-level management software allows for drive control over LAN and Internet connections and is an excellent tool for:

- Establishing and enforcing secure USB usage policies on an individual and/or group basis.
- Auditing file activity to better track data moving in and out of your organization.
- Providing remote content backup for users who transport critical data.
- Remotely disabling devices when lost or compromised and remote password reset when forgotten.

If you do not, sensitive data can be copied onto these devices and shared with outsiders and your organization is the next statistic for data loss or theft.

8. Encrypt Confidential Data

To ensure that your data is safe, it should be encrypted before being sent out via or saved on removable storage devices. For those organizations in which confidential or sensitive data is part of your business, such as financial, healthcare, government, etc., encryption is the most trustworthy means of protection. Following the above will provide a “safe harbor” from penalties related to data loss disclosure regulations.

If you don’t encrypt data before it’s saved on USBs, hackers can bypass your anti-virus, firewall or other controls, and that information is vulnerable.

9. Certify Anti-Virus Protection is Present at Every Entry Point

Ensure endpoint-host computer systems are equipped with up-to-date anti-virus software. Consideration should be given to software programs that provide protection against malware on the USB device when used in non-corporate controlled PCs.

New threats emerge every hour or less, and can come from anywhere — , websites and removable media like USB drives and CDs. Up-to-date anti-virus software is critical for keeping your network safe from known and unknown threats.

Tips provided by: