USB flash drives and microSD memory cards may be more portable, but they just won't give you enough space for long-term use. If external SSDs are just too expensive and you want to expand your. If you're after a reliable permanent storage solution for your content - be it family photos and videos, movies, MP3 files or important documents - one you need is one of our handy external hard drives. With a range of capacities and options from leading brands like. Storage Microchips. Most phones that you buy today will come with what is known as microchip.
- Best Data Storage Device
- Ssd Portable Storage
- Best External Data Storage Devices
- Portable Data Storage Devices
| Policy number | 12-19 |
|---|---|
| Responsible office | Information Technology |
| Classification | Board of Trustees-delegated Policy |
| Category | 12. Information Technology and Data Security |
Statement of policy
This policy accounts for WMU administrative, technical and physical safeguards for the use and security of portable electronic storage devices and laptop computers.
WMU Administrative, Technical and Physical Safeguards for the Use and Security of Portable Electronic Storage Devices and Laptop Computers
All University Covered Entities
Policy: The HIPAA Privacy Rules require that the University have appropriate administrative, technical and physical safeguards to protect the privacy of protected health information (PHI). More specifically the Rules require that the University have in place reasonable safeguards to protect PHI from intentional or unintentional use or disclosure that is in violation of the Privacy Rules. Accordingly, the University adopts the following procedures regarding the use and security of portable electronic storage devices, such as, but not limited to, flash drives, memory sticks, data disks, and laptop computers.
Process:
- All members of the workforce shall follow the measures set forth below when they maintain PHI on portable electronic storage devices and/or laptop computers.
- PHI may be stored on a portable electronic storage device and/or laptop computer only if it is essential to do so to accomplish the work of the university. The necessity of storage shall be determined by the University HIPAA Privacy and Contact Officer. In the event the University HIPAA Privacy and Contact Officer allows such storage the departmental information technology employee shall make reasonably feasible arrangements for data encryption, strong passwords, and/or other appropriate protection.
- No device, including portable electronic storage devices and laptop computers, on which PHI is stored may be left unattended unless it is in a secure, locked environment.
- In no case may PHI be stored on a personally owned device of any kind.
- All PHI contained on portable electronic storage devices and/or laptop computers shall be backed up daily to the university file servers.
- Any laptop computer that contains PHI must have computer tracking software installed as determined by the Office of Information Technology. Software installation must be arranged through the Office of Information Technology.
Regulatory Authority: Final Privacy Rule: 45 CFR §164.503(c)
Related Policies/Procedures:
- Policy Regarding Incidental Uses and Disclosures
- Policy, Providing Information to Family and Friends of Individuals Involved in Care
- Designated Record Sets
History
| Effective date of current version | January 5, 2009 |
|---|---|
| Date first adopted | December 23, 2008 |
| Proposed date of next review | October 1, 2021 |
It seems that nearly every new electronic device on the market today comes equipped with data storage and transfer capabilities. From USB sticks to smart phones, MP3 players to hand-held PCs and iPods, the portability of data has reached new levels of simplicity as the prices of these devices continue to fall while storage capacities continue to rise.
There is no question that USB Flash Drives and their electronic counterparts are a valuable addition to the road warrior's toolbox. The ability to easily transport data between client and company sites, not to mention taking work home for the weekend, make these devices almost irresistible.
Portable storage devices are also handy for making quick backups of important documents and even system registry files. Unlike CD/ROM disks, the stored data can be edited and saved over and over again.
Yes, today's portable personal storage devices have revolutionized the concept of 'sneaker net', but are the rewards worth the risks?
These electronic conveniences have created a nightmare for data security managers and have spawned an entire sub industry that is aimed squarely at portable data storage security.
Old Risks and New
Best Data Storage Device
Portable data storage devices provide the same functionality as floppy disks, hard drives and CD/ROM and, therefore, are subject to the same virus and spyware risks as their more traditional counterparts. This is a particularly onerous threat for organizations that allow their employees to transfer data between company and home or remote computers.
While most threat-savvy IT departments have complete virus and spyware protection enabled within the enterprise, most organizations have little control over the protection of employees' home computers or computers that employees use at client and vendor sites. With new virus and spyware threats appearing every day, it is entirely possible that the organization's anti-virus and spyware systems may be unaware of the latest threat which has just been introduced by an employee.
Portable storage devices are also subject to your standard day-to-day perils such as mechanical or electronic failure, damage from being dropped or being exposed to harsh environmental conditions or just plain getting lost or stolen. The latter two circumstance create a whole new threat level if sensitive data happens to be stored on the missing device.
The term 'Business Intelligence' takes on a new and dark meaning when the stealth capabilities of portable storage devices are factored into the equation. Can t mount macintosh hd.
Corporate spies are more common that you may think they are and it's a relatively simple task for a dishonest employee or visitor to transfer company phone books, customer lists, product and pricing lists or other sensitive and potentially damaging data to their electronic device before leaving for the day. The profit potential for these wayward employees is huge. You don't have to look any further than the recent case of the AOL employee who sold 93 million AOL members' email addresses to spammers for $52,000 and later sold another list for $100,000, to get an idea of what people are willing to pay for the valuable data that your employees have access to every day.
Short of actually conducting body cavity searches at the employee exit, there is no secure way to ensure that illegally obtained valuable data isn't sharing an employee's commute home. Even with body cavity searches, security personnel could never have the time to thoroughly examine every portable electronic device that employees and visitors carry with them onto the premises every day.
Public corporations that are subject to Sarbanes-Oxley (SOX), as well as those who face the data security and storage requirements of HIPAA and the USA Patriot Act, have even more at risk from spies who have access to easily stolen data. These laws provide for heavy fines, possible prison sentences and even the potential loss of the right to continue operating the business in some instances. How can so much trouble come from such small devices?
Multiple threats require multiple solutions
The easiest way to protect against 99% of the unauthorized use of portable storage devices is to disable or otherwise control the USB port since most devices communicate through USB. However, some devices are capable of using FireWire and infrared technology, so security of those ports must be considered as well.
1999 unreal tournament. Methods for securing against USB access range from simply removing or disconnecting the port, to installing special software that is designed to control who has access to USB devices and what these devices are able to do when connected.
Disabling USB access on an Enterprise-wide basis might not be a reasonable approach for some organizations, but at least publicly accessible machines such as those in conference rooms, lobbies and other common areas should be protected.
Ssd Portable Storage
There are security products available which will alert the network administrator when portable devices are connected and removed from any PC in the network. While the average network administrator cannot possibly monitor these alerts 24/7, especially in organizations where there is widespread usage of these storage devices, logged alerts do provide a good starting point for after-the-fact investigations.
If a USB-disabling or monitoring program is going to be used, then IT managers need to ensure that accommodations are made for USB-connected pointing devices, printers and keyboards. This can be done either by using software which specifically recognizes and allows those devices, or by moving these devices to legacy ports.
Some IT managers have taken a 'cast a wide net' approach by completely disabling the Windows 'Plug and Play' setup options on deployed machines after their initial configuration. This creates additional work for the PC support group when authorized hardware needs to be installed later, but it is effective in controlling what users can and cannot add to their machines.
At the very minimum an organization needs to implement an automatic PC 'lock down' policy which ensures that unattended PCs drop into 'password required' mode after some defined period of activity. That 'defined' period is open to interpretation, but the shorter the period of time, the better.
Beyond the physical 'Lock and Key' approach
If organizations that are subject to SOX or other federal requirements must issue portable storage devices to key personnel in order for them to fulfil their job responsibilities, then there are devices which come equipped with internal security protection available such as biometrics identification, secure password schemes and encryption methodologies.
Get it in writing
Best External Data Storage Devices
While a written data security policy won't do much for stopping willful illegal activity, and it won't make any of your users smarter when it comes to installing protection on their home computers, it does give you a leg to stand on when it comes to taking either disciplinary or legal action against violators when warranted.
At a minimum, your portable storage security policy should address these issues:
Portable Data Storage Devices
- Define who is permitted to use portable data storage devices and what types of data are permitted to be stored on these devices.
- Establish rules for vendors and visitors who want to attach devices during presentations or visits to the organization.
- Establish virus and spyware protection standards for employees who use home or off-premise computers.
- Establish password and data encryption standards for portable storage devices.
- Establish a reporting procedure for notifying a responsible party in the event that a portable data storage device is lost or stolen.
