“Experts agree that the use of an encrypted USB flash drive is most effective for keeping confidential information what it was intended to be – confidential.”
or employees in California. The criteria to determine if this law will affect your business are (any one of the three make the law applicable to your business):
• Do you have gross revenue of more than $25 million?
• Do you possess the personal information of 50,000 or more consumers, households or devices?
• Do you earn more than half your annual revenue from selling consumers’ personal information?
If the new CCPA applies to your company, the intentions of the law are to provide California residents (defined broadly enough to cover consumers, employees, business contacts and others) with the ability to know what personal data is collected about them (and have access to this information) and how that data is used, sold or disclosed. In addition, consumers have the ability to say no to the sale of personal data and to request their data to be deleted.
They also have the right not to be discriminated against for exercising their right to privacy, for instance, for opting out of having their data used by the business in order to use a benefit provided by the business.
Companies that do not comply with CCPA are subject to both civil class action lawsuits in the state of California and can be as- sessed with damages of $100 to $750 per California resident and incident or actual damages, whichever is greater. Companies are also subject to fines from the state, as the California attorney gen- eral can sue them for non-compliance. Key to CCPA is the underly- ing assumption that companies protect the consumer or other Per- sonally Identifiable Information against unauthorized disclosures.
BYOD: Bring Your Own Device
Companies are focused on protecting data, especially PII behind the company firewall. The problem with this is that employees can take data they need and store it on unsecured devices so that they can take it home or elsewhere to work – outside the company firewall.
Many companies do not restrict employees bringing their own storage devices, such as USB drives, to take copies of data incor- porating PII that should be protected, a process referred to as Bring Your Own Device (BYOD).
BYOD is a crucial threat to even the most robust cybersecurity plan that any business can put in place. The tremendous portability and exceptional convenience of USB drives has proven to increase productivity for millions of companies. However, since most of these drives are unencrypted, they pose a significant security risk to the user when storing anything more valuable than public data.
The extreme portability of USB drives means they are very susceptible to being lost, accessed or misappropriated. When that happens, there is a reasonably good chance that data stored on the device will end up in the wrong hands, risking the users or company’s privacy and security. This is not just a worst-case sce- nario – many USB drives have been lost and found, often with unprotected confidential information on them. When these drives
are found and exposed, a breach occurs and a company can be exposed to legal and other consequences.
The safest, most reliable means to store and transfer personal, classified, sensitive data is to have a company policy of standard- izing the use of hardware-based encrypted USB drives. Cyberse- curity experts agree that the use of an encrypted USB flash drive is most effective for keeping confidential information what it was intended to be – confidential.
How Does a Company Effectively Manage Removable Storage Devices? The secure management, transfer or distribution of non-cloud storage of private/personal data should always be front and cen- ter whether you are a financial services firm or a manufacturing company. A company should standardize their best practices for what’s known as data “at-rest” or “in-transit.”
While the most common storage medium is the use of inex- pensive USB drives, the best practice is to standardize on hard- ware-based encrypted USB drives which protect the data “at rest” as well as “in transit.” With these drives, the data is always pass- word or PIN protected. This practice will provide efficiency and security to mobile data for anyone.
Even accessing cloud storage can be risky. While you access the Internet at a coffee shop, someone else may be spying on your system. If you carry your data on a hardware-encrypted drive, you can work on your data and keep your internet turned off while using open Wi-Fi services.
From a cost perspective, hardware-based encrypted USBs are not much more expensive than non-encrypted devices – and they are like insurance against the unthinkable – the loss and breach of private data that could be exposed otherwise. There is a range of easy-to-use, cost-effective, encrypted USB flash-drive solutions to choose from that can go a long way toward mitigating your privacy and security risks, and, quite possibly, save you money and stress.
An example of a cost-effective and easy to use encrypted USB drive is Kingston’s DataTraveler Vault Privacy 3.0 USB Flash drive that provides affordable business-grade security. This encrypted solution features military-grade 256-bit AES hardware-based en- cryption in XTS mode. It protects 100percent of data stored and enforces complex password protocol with minimum characteristics to prevent unauthorized access. For additional peace of mind, the drive locks down after 10-incorrect password attempts. It also fea- tures a read-only access mode to avoid potential malware risks.
Companies can take it a step further should they deploy en- crypted USB drives in the field as a matter of practice. Some drives can be managed via software that is on-premises or cloud-based where an IT architect can whitelist access to the drive, disable it if it’s lost, enforce password characteristics and much more.
Consumer privacy and data security are concerns for busi- nesses of all sizes and identifying cost-effective ways to mitigate the risk is paramount in 2020 and beyond. Customer informa- tion and other sensitive data need to be stored on encrypted USB drives whenever you need to take the data with
you to mitigate any risk of a data breach, data loss and liability.
Richard Kanadjian is the encrypted USB tech- nology and business manager of Kingston Tech- nology.
10
0420 | SECURITY TODAY
CYBERSECURITY