Your credit union teller just found a USB flash device in the parking lot, plugged it into his computer and unwittingly sent your user name, password and account information to… a data security company that was helping the credit union evaluate its security practices.
Whew! Good thing it was just simulation.
This example from an actual case saw employees picking up and plugging in 15 of the 20 USB devices the security firm “planted” in the credit union parking lot.
This example also highlights why flash-device users at WSU need to be aware of potential security problems and university policies associated with these ubiquitous devices.
• It’s important that faculty and staff follow the university’s existing data policy. To view it click here. It defines data types and how they must be secured.
It requires that confidential data “be stored securely on physically secured storage devices or media;” in other words, not on a portable device.
• If there is a business case that requires storing sensitive university data on a USB flash drive, it’s important to use drive encryption. Flash drives supporting encryption — marketed by vendors such as Kingston and Lexar — can be ordered under state contract from the Office Depot BSD website, which is accessible from the WSU Purchasing Office’s website.
• A campuswide data security initiative under way focuses on the encryption of portable devices. To view this initiative click here.
One of the criteria being considered is encryption of portable devices, such as USB drives, that are plugged into a computer with the encryption package installed.
More information on the initiative will be released by Information Technology Services in the coming months.
• If you find a USB flash drive in a public place, the best strategy is to dispose of it. One way to do this is by taking it to WSU Surplus, located in the General Storage Building on Dairy Road off of Grimes Way, where the device will be shredded.