USB Flash Drives, we’ve all got one, I’m sure you probably know exactly where your precious Flash Drive is right now… do you? really? you might want to go check if you brought it home with you..
If you have any doubts where your USB Flash Drive is I’ll give you a few seconds to go hunt for it…
*waiting, waiting*
Ok so now you’ve either found it and have it in your hands or you just freaked out and are racking your brain as to where you last saw it.
If your of the latter group, I suggest you stop reading now and go find it, but come back here once you have to find out how to stop worrying about it.
So you have found your USB Drive, great, how safe is it? Could you lose it today and not care about anyone getting hold of the data? Is the data important?
Most of us have crucial data on our USB Drives, I do, I know you do, and its life altering, deal breaking information.
Most common things on peoples USB Drives are also the easiest filetypes to open. This poses a problem if the drive falls into another person’s hands.
We’ve all read news stories and blog entries about companies and government agencies that have lost amazing amounts of data, usually client details or identity details about clients, on both laptops and USB devices.
Why does this keep happening? because people use industry standard tools like Microsoft Office products or have information saved in PDF’s that are easy to open.
I’ve just gone through this exact issue, although I did find my USB Drive (albeit after smashing a $1oo lamp in the process) and even though I’d backed up the information on the drive and had encrypted the most important information, I hadn’t done the same with my personal info (resume, recently gained certificates) and even the novel that I’m slowly writing!
It almost makes you insane and paranoid to think that someone else has your data and is copying it all down, stealing your identity and profiting off your creative ideas.
Securing your drive.
Security is key on a portable drive, no matter the intended purpose even if its just your home backup drive for a few files.
The most at risk device however is the one that you carry everyday.
You have it slung around your neck on a lanyard, hanging off your keys, in your work or laptop bag, the one that has all those cool applications on it that you depend on and all the important documents that you might need at a drop of a hat.
You know, the one that you plug into numerous pc’s over the course of a day and could easily forget if something distracts you for a second.
I’m sure that most USB Drive owners have felt the white-hot panic when you’ve left your device plugged into a PC and forgotten it.
I’ve done this more times than I could count.
Security Tip #1
IF YOU LEAVE A PC TAKE YOUR USB DRIVE!
Now this might sound like a no-brainer, but I’ve had to train myself to do it, the amount of times I’ve had to return to a PC after hours to retrieve my USB Drive almost borders on stupidity.
Security Tip #2
BUY A DRIVE WITH A DECENT LOOP HOLE!
Some of you might wonder what I’m talking about with this tip.
I’ve purchased a large number of drives over the years, and had the ability to experience both good and bad flash drive design. Let me show you what I mean.
This is probably the MOST important tip I can give, buy one with a decent loop hole. This way you can clip a sturdy key chain hook through it to secure it on your lanyard or keys.
If the drive has a hole that is too small then you are either at the whim of the manufacturer to use their small nylon cord to feed through the hole or worse if they don’t provide a cord then you scrounge to find something that is small enough to attach to the device. This is dangerous, and is most definitely the easiest way to lose your drive.
I actually have the good device shown above, its a Lexar Twist Turn 8gb drive, I chose it because of the large loop and the fact there is no cap to lose. Its an excellent drive but I had to wrap some electrical tape around the device to make it thick enough to keep the drive inside its sheath.
Security Tip #3
ENCRYPT YOUR DEVICE!
Now you need to take this with a grain of salt. Most people who think encryption think about creating special containers that are hidden from everyone using special tools and use 64 character passwords that contain capitals, symbols and non-sequential numbers.
As with most things there are many different opinions about how best to encrypt your data for portable devices.
So here’s my 2 cents about this topic. I live by a simple creed when it comes to encryption of data: Can I live with someone else having the data? Then don’t encrypt it – this may seem too simplistic but trust me its the easiest question to answer.
If you don’t care if someone has a copy of your unencrypted personal documents, or work documents or images of your cat, then don’t encrypt them.
If you do however care about the information, then encrypt it.
Simple as that.
Now as I said at the start of this tip you need to take encryption with a grain of salt not to go too overboard. Methods of encryption and their ease of use is almost always driven by the level of paranoia that would be induced if you lose the data.
Also make sure that you use a memorable yet hard to crack password, avoid the usual birth dates, family members names, names of pets and the usual things to avoid when choosing one.
I can recommend using a password with at least 1 capital, 1 number and a length of 10 characters. Why 10 characters? because it adds just that little bit extra protection.
Plenty of software exists to encrypt your data, here are a few:
TrueCrypt – Open Source on-the-fly, strong, file and partition based encryption, ability to create an encrypted file container or whole partition both either visible or hidden, one caveat is that it requires Admin rights on the PC you are running the application on.
Rohos Mini Drive – Freeware partition based drive encryption, similar to TrueCrypt however this application does not require Admin rights to operate correctly, also includes a virtual keyboard to circumvent keylogging applications.
Compression tools – Most mature compression tools these days allow for strong encryption to be applied when compressing files, applications like 7zip, WinRAR and Winzip all allow for advanced, secure encryption. Personally I prefer 7zip as it has better native compression (*.7z format) than RAR and zip formats, uses military grade encryption and best of all, its free.
Security Tip #4
ATTACH YOUR DRIVE TO SOMETHING MEANINGFUL!
One of the worst things you can do is leave the drive unattached to anything, if you do its in its most vulnerable state, easy to lose by itself.
It’s better to have your device attached to something important such as your keys or a lanyard around your neck, that is assuming that you aren’t prone to losing what you have attached it too.
If you are prone to losing EVERYTHING, then get yourself one of these:
Its a retractable key chain, attach one end to your belt / bag, and the USB Drive to the other, that way, if you leave a PC while its attached you’ll know about it almost instantly.
I like to use a Texan perspective about this, bigger is better if you lose things all the time.
If this doesn’t help, perhaps encasing the drive in a kilo block of resin is the best.
Security Tip #5
BACKUP THE CONTENTS OF YOUR DRIVE!
Periodically copy the ENTIRE contents of your drive over to another medium, burn it to a DVD, onto a secondary key or onto your PC.
This reduces the risk of you losing recent changes to documents, but more specifically, it helps you remember whats actually on the device if you have lost it.
Security Tip #6
BEWARE COMPUTERS BEARING GIFTS!
Yes some of you may have noticed my play on the old adage: “Beware of Greeks bearing gifts” in reference to the old Trojan Horse gag.
But many people just assume that the PC they are plugging their device into doesn’t contain a Virus, Trojan or RootKit that will copy, maim or destroy your data.
You might be just plugging it in to copy over that one important file, but just a few seconds is all that is needed to infect a USB Drive and ruin your day.
I’d recommend doing a few checks before you plug in, does the PC have a recently updated anti-virus application? is it a good, well respected anti-virus? Does the PC have a strong Firewall? Has it been kept current?
If you answer no to any or all of these, then proceed with trepidation.
There is one more option, use a portable anti-virus app on your USB Drive like ClamWin Portable although keeping it current means downloading the latest updates manually, file scanning is also manual and there is no automatic protection from malware / spyware.
Security Tip #7
EVERYONE WANTS YOUR DATA, BE PARANOID!
Paranoia is usually a bad thing, but not so if you want to keep your data safe on your USB Drive.
A little paranoia will keep you sane about where the device is and who has access to it.
Security Tip #8
EVERY NOW AND THEN ERASE THE FREE SPACE!
What a lot of people don’t know, or even worse, don’t understand is that even if you encrypt your data on the device the unencrypted version may still be lurking in the background of your USB Drive.
These days there are strong tools designed to forensically recover data from devices.
Using an application that passes over the free space of the drive multiple times will destroy this hidden information or at least obfuscate it enough to make it unrecoverable.
I’d recommend using Eraser Portable to achieve this.
Security Tip #9
NOT ALL PEOPLE ARE HEARTLESS DATA THIEVES!
But not all people are as honest as we’d like to believe. A good thing to do is to put a text file into the root directory of the USB Drive that’s called READ ME IF FOUND.txt or something similar.
If someone finds your USB Drive and is rummaging through the contents then they are bound to find this file. Inside the text file write something short, but don’t hesitate laying on the guilt a little or give an incentive to return, it might just be the difference between getting your drive back or not.
Something like:
Hi, looks like you’ve found my USB Drive, clearly I’ve left it in a PC you’ve been on. Yep I feel like an idiot.
But it would be really great if you could return this drive to me!
Here is my mobile / cell phone number – <insert number here> – please contact me on this number as soon as you can, please don’t bother copying any information off the device as its all encrypted anyhow.
If you do return this to me I’ll give you a reward for your troubles.
Thanks for finding it!
<insert your first name here>
Doing this humanizes the loss, it gives you a voice or medium to describe that your want to have the device back, most of all it gives the loss a consequence.
So you’ve lost your USB Drive, what now?
Ok, don’t panic – the world hasn’t ended, the sun will still rise tomorrow, you can breathe.
If you’ve encrypted the sensitive data on your drive then you can breathe a little easier for sure.
Think about where you last saw it, then try to trace your steps from that point. Might sound like the usual things to do but the tried and trued methods sometimes are the best.
So you still haven’t found your device, you remember where you last saw the darn thing but it isn’t in the places you would expect, so try the last place you would expect.
Failing that ask around, has someone seen it? maybe they picked it up!
What’s the next step… Wait it out.
If you’ve followed the above steps and added the READ ME IF FOUND.txt file on your drive then you may be able to count on human decency and compassion to get the device back to you.
Ok, you’ve waited, no one has returned it and don’t expect to see it ever again, my advice?
Build a freakin’ bridge and get over it.
Its only data after all, if its in the hands of another person then there is nothing you can do about it. Just expect the unexpected, they have the device and the data and could act upon it at any minute, but don’t stress not all is lost, they probably won’t know what to do with what they have.
But what if its company information you’ve lost thats unencrypted?
Tell your boss immediately, mitigate the risk by being up front. Sure you might get fired depending on the nature of the info lost, but at least you have shown you are honest and still looking out for the company, hell it might work in your favor.
Mitigate the risks, work with your boss / colleges to be aware of the outcomes of someone using or releasing the information and the implications of what may happen.
Make sure that this can’t happen again, create better policy, enforce higher safeguards and most of all educate others on the risks.
The Conclusion…
Follow the above steps and you’ll be fine out there in the big wide world, you can rest assured that if you have done everything you can to lower the risk then you’ll either never lose you USB Drive, or if you do, no one will be able to retrieve anything useful from it in the first place.
If you have a similar experience or have ever lost a drive leave a note in the comments.
http://t.co/u1E8eJIg – Ever Lost a USB drive? – http://t.co/m9a3vAn1 – #Regravity .