USB drives (also called thumbdrives and flash drives) are often lost and easily stolen – as no doubt many of us already know. There are three basic rules for securing USB drives:
- Don’t put sensitive data on USB drives
- Don’t lose your USB drive, or allow it to be stolen
- If you must put sensitive data on a USB drive, encrypt it
In practice, to get stuff done everyone (myself included!) will break some or all of these rules. Sometimes a USB drive is by far the easiest method to transfer sensitive information. Really small USB drives are easy to misplace. And even if you use encryption software religiously (e.g. The excellent Truecrypt), not everyone has it installed (even though you can run Truecrypt in portable mode from your USB Drive).
For those of you that need the extra security, you can get USB drives with built in hardware encryption. Ironkey is a well known vendor – their USB drives verify a password that you enter on the computer it’s connected to before you can access it. Astute readers will have spotted one potential weakness – if the computer has a keylogger installed, it will be able to record the password.
Enter Apricorn, which has made a secure USB drive with a built-in keypad. You enter a PIN/password directly on the USB drive. This means very wide compatibility, and immunity from keyloggers. This isn’t a product endorsement – I haven’t used one but I really like the concept! PC Mag have reviewed it, and given it 4.5 out of 5.