The USB is back – as an essential defence against data breaches

Could the humble USB be making a comeback? Jon Fielding, MD EMEA of Apricorn, discusses why secure usb drives are seeing a resurgence in popularity

Once an indispensable piece of business hardware, found in pretty much every briefcase and office drawer, the USB drive’s popularity waned as technology advanced. Today, large volumes of data can be transferred online and stored in the cloud, while mobile devices give us access to corporate information wherever we are. But as concerns rise over how to protect data when it’s on the move, removable storage devices once again have a key role to play: as a crucial part of a business’s cybersecurity defences.

New working practices and technologies have brought additional risk to businesses. In a survey carried out by Apricorn this year, almost half of organisations admitted their mobile workers have knowingly put data at risk, while nearly a quarter said they can’t be certain their data is adequately secured when used in a remote working environment.

Ongoing digital transformation and the adoption of cloud, AI and IoT are introducing an extra layer of complexity to businesses that potentially makes them more vulnerable to cyber-attacks. Meanwhile, personal devices and consumer apps are being brought into the corporate environment without the knowledge of the IT department.

At the same time, GDPR has begun to bare its teeth, with the Information Commissioner’s Office (ICO) recently hitting British Airways and the Marriott hotel group with significant fines.

Organisations recognise the pressing need to invest in strengthening their security posture. There are plenty of sophisticated high-tech security tools and solutions on the market – but as with all new technologies, integrating these can add to an already complex IT environment, compounding risk and lack of control.

Technology is always evolving, for good and bad. However, most cyber-attacks don’t involve the use of new and sophisticated techniques. Instead, hackers rely on simple approaches that exploit well-known weaknesses – for instance a lack of software patching, or employees who haven’t been properly educated in good security hygiene. Reverting back to basics has its merits as a defence strategy, as well as one for attack.

Here’s where highly secure removable storage devices have a role to play. Mandated for use as a key part of an organisation’s cybersecurity strategy, they provide a practical way for employees to safely and reliably store, move and transfer large amounts of sensitive data offline.

More crucially, however, is the availability of USB drives that have hardware encryption capabilities built in. These automatically encrypt all data written to them, locking it down so that if the device is lost or stolen the information on it will be completely inaccessible.

End-to-end encryption of all data as standard – both at rest and in transit – has come to be recognised as a vital element of any cybersecurity plan, and is specifically recommended in Article 32 of GDPR as a means to protect personal data. Two thirds of organisations now hardware-encrypt all information as standard – up from just half last year. There’s a high level of awareness of the risk of not doing so: lack of encryption is behind 27 per cent of all data breaches, according to IT decision makers.

Encryption should be invisible, and automatic. If it’s built into a device the decision and responsibility to encrypt is taken out of the user’s hands. Strict policies detailing how removable storage devices should be used can be enforced through whitelisting on the IT infrastructure, blocking access to USB ports from all non-approved media. Employees should also be trained in how to use devices safely, as well as the importance of data protection and how to be a responsible information owner.

Until recently, I think many companies didn’t quite believe that GDPR would be applied in anger. The ICO’s clear shot across the bows has shaken the myth that any period of amnesty or leniency will continue. This is likely to trigger an upturn in spending on cybersecurity, as organisations seek to avoid penalties.

There’s a plethora of ‘shiny new things’ out there to invest in – but businesses should also consider the fundamentals of good security practice, and implement the tools and techniques that will most effectively provide a robust defence. The ‘humble’ USB drive is one of these – and that’s why I believe it’s set to enjoy a renaissance.