Removable devices: Do you have it all under control?
Removable devices
Removable devices are frequently used to conveniently store information. In addition, their small size and large storage capacity make them very practical for backup purposes, for example.
Removable devices are easy to carry from one place to another, which is very convenient, but it also means we are dealing with a risky asset.
Security breaches
We call them risky assets because, if one of these devices is lost or stolen, the information on it could be accessed. This could violate the confidentiality of that information and could also entail a violation of the rights of the people affected.
If we are faced with a scenario such as the one described above, we would be dealing with a security breach under Article 4(12) of the General Data Protection Regulation (RGPD), which defines it as follows:
“any breach of security resulting in the accidental or unlawful destruction, loss or alteration of, or unauthorized disclosure of or access to, personal data transmitted, stored or otherwise processed;”
A loss or theft of information can generate a crisis situation in our company that could have been avoided by taking preventive measures against these situations.
Another example of a security breach, and therefore of a corporate crisis situation: a colleague asks us to copy a file that is on our computer, we allow him to insert his removable device into one of the USB ports, and it introduces malware, infecting our entire hard drive and the information it stores.
Another example: someone new in the office needs basic information to start their activities and you kindly offer to provide it by lending them your removable hard disk, and they end up passing you a virus from their computer.
Decalogue of good practices with removable devices
Well, before carrying out all these actions that can put your information security at risk, we leave you with this decalogue of actions to follow as a preventive measure:
1-. Security Policies
Have a policy on the use of removable devices that is known to all employees, so that they can be aware of risk situations and avoid them.
2-. Exclusive use of corporate devices
Use only the devices provided by the company, since they will be equipped with the necessary security measures. Avoid, as far as possible, using personal devices and if necessary, provide them with the same security measures as corporate devices.
3-. Encrypt relevant information
Through the use of passwords, encrypt all information considered relevant, confidential or sensitive by nature. Remember that the processing of special category data requires greater security measures to protect them from any attack, in compliance with the Data Protection Regulations.
4-. Strong passwords
Always use strong passwords and change them at least every three months to make them more difficult to crack. You will be surprised how little it costs to crack a password.
But we are not only talking about passwords to access your computer, we are talking about all of them, such as email, computer applications and other software or databases.
5-. Inventory of devices/assets
Prepare a list of IT assets, so as to have control of how many mobile and desktop devices the company has, to whom they are assigned, since what date, and with what authorized accesses.
6-. USB port blocking on mobile and desktop devices
7-. Information loss alerts
Prevent information leaks by using a DLP (Data Loss Prevention) system, which monitors the company’s network and detects leaks before they occur. It is a tool that also helps to raise employee awareness, since when an information leak is about to occur, the system warns them of this circumstance, so that the situation can be reversed.
8-. Secure deletion of files
Go beyond emptying the recycle bin, as these files can be recovered with the appropriate tools. Some secure deletion techniques are physical destruction of the device, degaussing, overwriting and cryptographic erasure.
9-. Deactivation of device autostart
Disable device autostart so that devices cannot perform any actions when connected to a port, thus preventing any malicious actions that could be triggered at startup.
10-. Employee training and awareness
Training in information security and data protection is essential to prevent unwanted situations, and to be confident that everyone will know what to do in a risky situation.
Remember that in Spain, 7 out of 10 cyber-attacks are against SMEs and that, in 90% of cyber-attacks, the gateway is the workers.
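One way to check items 6 and 9 of the decalogue on a Windows endpoint, as an added example that is not part of the original article: a read-only PowerShell audit of the registry values behind USB storage blocking and AutoRun. The article names no operating system, so Windows and the choice of these three standard settings are assumptions.

```powershell
# Added example: read-only audit, it changes nothing on the machine.
# Assumption: a Windows endpoint (the article does not name an operating system).

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value does not exist (setting not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

$checks = @(
    @{ Control  = 'Item 6: USB mass-storage driver disabled'
       Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
       Name     = 'Start'
       Expected = 4 },      # 4 = disabled, 3 = load on demand (default)
    @{ Control  = 'Item 6: policy denies all removable storage'
       Path     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
       Name     = 'Deny_All'
       Expected = 1 },      # Group Policy "All Removable Storage classes: Deny all access"
    @{ Control  = 'Item 9: AutoRun off for every drive type'
       Path     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name     = 'NoDriveTypeAutoRun'
       Expected = 255 }     # 0xFF = all drive types
)

$results = foreach ($c in $checks) {
    $actual = Get-RegValue -Path $c.Path -Name $c.Name
    $shown  = if ($null -eq $actual) { 'not set' } else { $actual }
    [pscustomobject]@{
        Control   = $c.Control
        Value     = $shown
        Expected  = $c.Expected
        Compliant = ($actual -eq $c.Expected)   # a missing value counts as non-compliant
    }
}

$results | Format-Table -AutoSize
```

Either of the two "Item 6" rows being compliant blocks USB storage. Disabling the USBSTOR driver affects only mass-storage devices, so other kinds of USB device are outside what this audit shows.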
Business Adapter® at your service
If you still have doubts about how to apply this Decalogue in your company and need advice on data protection and cybersecurity, do not hesitate to contact your consultant.
If you are not yet a client and want us to help you comply with the European and Spanish data protection regulations (RGPD + LOPD) to which any company or professional is obliged, contact us by email: info@businessadapter.es, you can also call 96 131 88 04, or leave your message in this form:
Contact us, we will be pleased to help you: https://businessadapter.es/contacto