Who has heard of EU GDPR (EU General Data Protection Regulation), you may say with Brexit this does not apply to the UK, rightly or wrongly they do as they came into force in 2016 and complete implementation comes into force in 2018. This replaces a 1995 (yes the date is correct) directive.
Buy Now...
click image to enlarge
‘In case of a data breach businesses will face fines of up to 4% of their annual global revenue or 20 million euros (whichever is greater) and must inform their national supervisory authority’. So for any business that should cure any personal constipation.
Last year Kingston Technology purchased Ironkey who market encrypted USB drives and they are now fully part of Kingston Technology.
I think of Kingston Technology for USB sticks, OTG devices and SSD Drives, now encrypted USB sticks are part of their armoury.
Here are a few of the scary facts from a recent briefing.
- 31% of company employees use more than five USB drives, few of these are encrypted.
- In 38% of companies USB drives have disappeared, 86% of these were not encrypted. In 18% of companies employees save sensitive data to USB sticks.
- 24% of the ‘disappeared’ were lost, 4% of the drives were stolen, of the other 72% the result of what happened was ‘unclear’.
The facts above were from a sample of 480 employees from companies from different industries.
What can IT decision makers do to prevent data leaks.
- Create awareness of the problem and the penalties
- Educate and train employees
- Use Hardware-Based encrypted USB drives
Data breaches are expensive, in the last three/four years it has increased by 23%. For a large EU company the average cost of a data breach is 3.7 million euros.
The highest costs are in health, education and financial sectors.
One small USB drive can cause a lot of trouble, a single employee carrying data out of the office increases the risk of data being compromised, this leaves the company open to ‘hefty fines’, large recovery costs and perhaps most damaging a potential PR disaster in the shape of lost confidence in the company.
If your data is encrypted then the loss is less important as the drive should still be safe even on a landfill site.
According to the information I was given ‘If a USB is lost or stolen and the data on it is encrypted then this is a security breach not a data breach and may not need to be reported and therefore the potential fines mentioned above might not apply’. This seems strange to me but this is the opinion that was given.
So while Encrypted drives are of course far more expensive to purchase and less convenient (quick) to use they can potentially save your company a great deal of money.
Four classes of USB drives are available all meet XTS Security. They all have FIPS certification the level of which varies.
So DataTraveller 2000, DataTraveller Vault Privacy, Ironkey D300 and Ironkey S1000 could be what you need.
www.kingston.com/encrypted for a lot more detail.
!!
