
Proper portable storage devices make your business GDPR compliant

November 3, 2018

Apart from the constant need to improve their security policies, companies now face a new hurdle: GDPR-compliant storage devices. As the new General Data Protection Regulation (GDPR) established that USB sticks with sensitive data are a business risk, new rules came into play forcing companies to adopt encrypted USB flash drives in order to be GDPR compliant.

A quick guide to GDPR

On May 25, the new European privacy regulation called the General Data Protection Regulation (GDPR) came into effect. This regulation has been implemented in all local privacy laws across the entire EU and EEA region. It applies to all companies that store personal information about citizens in Europe, including companies on other continents. GDPR aims to give citizens of the EU and EEA greater control over their personal data, along with assurances that their information is securely protected. Under GDPR, individuals have the right to access their personal data, the right to be forgotten (consumers can withdraw their consent from a company to use their personal data), the right to data portability, the right to be informed, the right to have information corrected, the right to restrict processing, the right to object (individuals can ask to stop the processing of their data for direct marketing), and the right to be notified of any data breach. Overall, GDPR has raised awareness of the need to control personal data, and a mentality change in this matter will materialize in the coming years.

Lost or stolen enterprise data

Although cloud storage seems to be the star when it comes to gathering and transmitting data, the USB stick is still a faithful companion in professional life, whether on a business trip, when employees are not sure whether they will have access to cloud data, or at a presentation, for uncomplicated retrieval on different devices. According to a study conducted by Kingston, almost all respondents (95%) use at least one USB stick professionally, and a third of respondents (33.1%) use more than 5 USB flash drives. While almost every employee uses USB sticks, there is little awareness that unsecured memory can pose a security risk. More than half (56%) of companies insufficiently secure data on USB flash memories, according to the study. Many of these mobile devices are lost, and with them often sensitive corporate data. Almost three-quarters of the interviewed employees (72.7%) said that their company had never been able to find the lost USB sticks. What happened to these devices is often not clear: almost 57% of the employees do not know what has happened to the missing USB sticks, while 39% still remember that they lost a USB stick. On the other hand, not even 4 percent cited theft as the reason for the disappearance of the USB sticks.

Data hoarding is a security weakness

The main problem with the regular USB drive is that it hoards all data stored on it, never removing anything until it absolutely has to. Even after a regular USB drive is formatted, all the data is still there as shadow data. A standard USB drive contains not only traces of what has been stored on it but, in some cases, full copies of sensitive data. Therefore, if the device is lost or stolen, the organization has 72 hours to act under the new GDPR regulation (report the incident), or be subject to fines and penalties.

The ideal solution for businesses to become GDPR compliant is to invest in hardware-encrypted USB drives. Check a list of recommended devices here.

Features like password protection and fingerprint scanners ensure strong levels of security, thus minimizing the risk of sensitive data falling into the wrong hands. Hardware encryption is automatic, always on, and, most importantly, cannot be disabled because there is a crypto processor built inside the device.

The best compliance solution is centrally managed secure USB drives

Adding the ability to track usage can help an enterprise identify who is accessing the data stored on the device. Managed drives enable remote solutions, allowing managers and IT workers to control USBs and their data remotely, with features like disabling and geo-fencing USBs, resetting passwords, the ability to change to read-only mode and even lockdowns of USBs by serial number. Solutions like My USB Tracker and iHound could prove extremely useful in case the device is lost or stolen.

The GDPR is the EU’s way of giving individuals, prospects, customers, contractors, and employees more power over their data and less power to the organizations that collect and use such data for monetary gain. Although the path to compliance seems bumpy, business managers must see this as an opportunity to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.