Best practices when using USB drives
When thinking about this topic I decided to look at a popular office supply store to see how big of a USB drive I could actually purchase. You can actually purchase one that stores 512 GB of data – WOW. Now, most workplaces are not going to spend over $500.00 on a USB, but a fairly standard size today is 64 GB – the same storage capacity as many popular cell phones. It is really crazy to think that something the size of a car key can hold that much data! With the ability to store that much data in a very small and portable way, it is important to be super vigilant when using memory sticks.
In January 2018, the IPC developed a resource – Helpful Tips: Mobile Device Security. This resource offers many tips and considerations that are helpful when using memory sticks, including administrative safeguards, technical safeguards and physical safeguards. However, here is a quick list of some things to keep in mind when using USB Drives:
- Encryption/password protected devices: Only purchase USB drives that have encryption or password protection functionality.
- Strong passwords: If you have a need to store personal information (pi), personal health information (phi) or other forms of sensitive or confidential information on a USB drive, be sure to have it locked by a strong password.
- De-identify: When storing pi/phi on a USB, de-identify the information wherever possible.
- Delete data: Immediately delete the data from the USB once it is no longer needed.
- Unattended USBs: Do not leave USB’s in vehicles or unattended in public. If absolutely necessary, lock it in the trunk or glove box where it would be out of site. When not in use in your office, be sure to lock it up.
- Access on a Need-to-Know Basis: When storing data on a device, access to that data should be on a need-to-know basis.
- Lost or stolen USBs: Report lost or stolen USB’s immediately to your supervisor and the Privacy Officer.
- Disposal: At the end of its lifecycle, be sure that all the data has been wiped from the USB. Once that is done, safely dispose of or destroy the USB before disposal.
For more applicable information on USB drive use, please see the following resources:
- Helpful Tips: Mobile Device Security
- Key lessons for public servants using portable storage devices
- Technology Fact Sheet – Disposing of Your Electronic Media