CYBER RISKS
HARDWARE-BASED ENCRYPTION VERSUS SOFTWARE-BASED ENCRYPTION
Hardware-Based Encryption
Software-Based Encryption
Uses a dedicated processor physically located on the encrypted drive
Shares computers resources to encrypt data with other programs on the computer and is only as safe as your computer
Processor contains a random number generator to generate an encryption key, which the user’s password will unlock
Uses the user’s password as the encryption key that scrambles data
Increases performance by off-loading encryption from the host system
Can require software updates
Safeguards, keys and critical security parameters within crypto-hardware protect against the most common attacks, such ascold-boot attacks, malicious code, brute-force attack
Susceptible to brute-force attack, computer tries to limit the number of decryption attempts, but hackers can access the computer’s memory and reset the attempt counter
Cost-effective in medium and larger application environments, easily scalable
Cost-effective in small application environments
Encryption is tied to a specific device, so encryption is “always on”
Can be implemented on all types of media
aims to strengthen data protection rights for individuals within the EU. Named the General Data Protection Regulation (EU GDPR), it replaces a 1995 directive and aims to future-proof data protection in the EU and to non-EU organizations that process data of EU residents.
It may not be apparent at first mention as to why or how this affects American colleges, universities and any institution of higher learning. But consider European students coming to America to study, research projects between American institutions and their counterparts in Europe, and any other exchange of data or information between stu- dents, faculties and schools in the two sectors. From 2018 forward, they will need to use state-of-the-art security to protect personal data.
In case of a data breach, schools will face fines of up to 4 percent of their annual global revenue or $21,952 million and must inform their national supervisory authority.
The average cost of a data breach has increased by 23 percent since 2013. The average cost of a data breach for large organizations in the EU is 3.7 million Euros and $7 million in the U.S. Education is one of the three highest cost sectors.
Here are five steps colleges can take to protect themselves and become GDPR compliant:
• Understand the new regulation and what it means.
• Understand who uses and has access to data.
• Define strategy for data on the move.
• Consider hardware encryption and endpoint-management options. • Ensure students, faculty and staff are aware of the GDPR and best-
practice data protection policies.
Students, faculty and administrative staff carrying data out of the classroom or office increase the risk of data being compromised. This leaves the institution open to hefty fines, recovery costs and a potential public relations disaster. Remember, this applies to data you not only need to protect but want to protect.
Encryption is the best way to be safe. A device such as the Kingston encrypted USB or its high-end IronKey encrypted USB 3.0 flash drive minimizes the risks of moving data on USB drives and ensures critical and sensitive data is protected.
WHY ENCRYPTION IS IMPORTANT
If a USB is lost or stolen and the data on it is encrypted then this is a security breach, not a data breach, and may not have to be reported.
Kingston encrypted and its IronKey encrypted USB 3.0 flash drives help meet stringent requirements (including the new EU GDPR) for data security while allowing students and school departments to do their assignments or jobs more efficiently. With its completely self-
contained authentication and encryption processes, all critical security parameters take place within the drive itself and are never shared with its USB host. Kingston’s unique approach to ultimate data security is centered on absolute independence from all software and the operat- ing system.
In addition to advanced security features such as anti-virus protec- tion and remote management capabilities, Kingston offers a secure customization program that provides users, companies or schools the ability to uniquely identify the encrypted drives with popular options such as serial numbering, dual passwords and custom logos.
Data stored on a Kingston or an IronKey encrypted USB drive is always protected from unauthorized access. What happens on an encrypted drive, stays on an encrypted drive.
IMPACT OF ENCRYPTED DEVICES
In closing, here are two examples of the importance of using encrypted USB drives.
Protecting royalty. Recently, an unencrypted USB drive with confi- dential/restricted files was found at Heathrow Airport in London. Among its 76 folders and 174 documents was information regarding details of measures used to protect the Queen, the types of ID needed to access restricted areas, a timetable of security patrols and maps pin- pointing CCTV cameras. One document highlighted recent terror attacks and talked about the type of threats the airport could face.
Securing data. Researchers from Google, the University of Illinois Urbana-Champaign and the University of Michigan spread 297 unen- crypted USB drives unattended around the Urbana-Champaign campus.
Finders opened one or more files on 135 of the 297 flash drives (45 percent) and 290 of the drives (98 percent) were removed from their drop locations. Drives were plugged into finders’ computers within a median time of 6.9 hours, the first within six minutes of being found. The researchers suspect that users initially acted altruistically to try and find the drives’ owners, but their curiosity soon took over, as they proceeded to open other files, including one labeled “vacation photos.”
Whatever their reason for opening the files, the study points out that individuals coming across an unattended USB
drive will open it. If the drive is unencrypted, like
those used in the study, the loser of the drive risks
having all manner of valuable data exposed, sto- len or lost for good.
Ruben Lugo is the strategic product marketing manager for Kingston.
CS16 WWW.CAMPUSLIFESECURITY.COM | JANUARY 2018
A SPECIAL SECTION TO SECURITY TODAY AND THE JOURNAL
CAMPUS SECURITY & LIFE SAFETY