Secure Removable Media and Devices
How do you keep removable media and devices secure?
In our interconnected and cloud-enabled world, we tend not to focus on the tangible hardware that holds data. This includes removable media and devices used for storing and transporting data, whose convenience can introduce security risks, such as malware or accidentally disclose private information (e.g., HIPAA, FERPA, PHI, financial, research).
Examples of removable media and devices:
- USB flash drives
- Removable Discs (Blu-ray discs, DVDs, CD-ROMs)
- Memory Cards (Compact flash card, secure digital card, memory stick)
- External hard drives
- Digital cameras
- Audio recorders
How to set up your systems and devices securely
- Install anti-virus solutions on your computer that will actively scan for malware when any type of removable media or device is connected.
- Encrypt removable media and devices. Encryption is your device's ability to convert information into ciphertext to prevent unauthorized access. Essentially, it scrambles up your data when your device is locked, making it only accessible to someone with the right access. This will render any data useless to unauthorized users should the device be lost or stolen.
- Password protect the removable media or device.
- Disable the “Autorun” and “Autoplay” features for all removable media or devices. These features automatically run when a removable device is detected by your device.
Follow security best practices
- Keep your personal and University data separate. Do not store University data on your personal devices.
- Check with the data owner prior to using or storing data on removable media and devices. This is especially important when working with PHI (personal health information).
- Do not disclose the password or passphrase used with removable media or device (or any University password) to anyone.
- Change the password prior to assigning the removable media or device to another individual, or if you suspect that the password is compromised.
- When you finish transferring University data from removable media or device, be sure to securely delete or wipe it from that device.
- Never connect any removable media device to your computer that you have found, or connect devices from users you don’t know or trust.
- For units that routinely use removable media, develop and document a process to track the devices and who has used them.
- Check out more Good Practices for Safe Computing.
University units and community members must ensure that their electronic devices and other resources that store, transmit, or process University information meets the information security processes and standards contained in the Information Security policy.