Devices like USB memories, portable hard disks and memory cards, all together are known as removable storing devices that allows us to make information transfers in a fast and easy way.
They are a very useful complement on our daily jobs, but at the same time, they can be so small that we dont even notice the importance they decerve, becoming easy targets for being stolen, manipulated, infected by some malware or even lose them. For that reason, will be necessary for any company to set up soem rules that helps to regulate the usage of this devices. A little mistake can result on a lost information, to be stolen, to be manipulated for illegal reasons or being used for infecting the company network or even domestic networks,
For that reason, the company must decide if they allow the use of these storing devices, and if thats the case, regulate in which situations you could use them or which kind of information would you store on them. This is called External Storing Devices Policy.
This way, if we had to store important or forbidden information on a company storing device, you would have to make sure that it is well protected. Besides, the devices must be stored on safe places and the responsibles of the devices must be informed in case of incident like robbery, infection, loss…
If you plan to keeep safe all the information that you have gathered on those devices, we must apply a pack of security measures like encoded data, create some access permisions, password policy etc.
For the last, we have to keep in mind the elimination of the information stored, because its very important that this information is deleted properly and can’t be accessible. For that, there will be some secure deleting methods like the physical destruction of the device, demagnetization or overwriting.
What kind of controls will be necessary?
In first place, we must establish a regulation that regules the storage of information in the removable devices, which one must contain some essential aspects like have a registration of authorized devices, determine which conditions or situations will alow its use, establish if the information must be encoded, security configurations etc.
Another important aspect is the consciousness-raising of the employees. Robbers, people that loses them, manipulations, virus infections are the most frecuent reasons of lost data in the storage devices. For that reason, it’s very important that the employees help on the protection of the data, and make them know the importance of having them well stored, safe and protecting its contents.
Besides, it’s necessary to have alternatives to the removable storage devices, like for example, having some common repositories for the exchange of informations or with remote access that allows to work outside the office, to have cloud computing services ( like google drive) etc.
It’s also necessary that we keep a device record and record of users for establish an access control for them.
Another important aspect is to apply technical measures that guarantees a safe storage, for the removable devices and for the ones that we conect the removable ones. These have to include a periodically password change programming of the devices, avoid to conect any device that is not registered to connect to your devices, deactivate autolaunching options on the USB ports, etc.
For the last, it will be necessary to accomplish with established policy, that must be notified and known by all the employees. Besidesm they must accept to accomplish the policy before using nay device.
So, to keep safe our information stored on our removable storing devices, we must establish some usage rules on these to guarantee the security of the company information to the information fo other external devices that connects. All of this plus the consciousness-raising of the employees for helping them to make a correct use of the devices and avoid like this the loss or the robbery of the information, the infections etc. Prevention will always be out best ally.