Oct. 29, 2007
By Sean O'Malley
Editor's note: Through October, the Office of Information Technology will offer information security best practices in observance of National Cyber Security Awareness Month.
USB drives are everywhere these days. Whether you call them thumb drives, flash drives, memory sticks or memory keys, these tiny storage devices are inexpensive, easy to use and convenient. If you don't have one dangling from a keychain or stashed in your pocket, chances are someone in your office or department does.
In spite of their convenience, these devices are not a good place to keep important data.
"You should never store sensitive data on a flash drive or any form of portable media for that matter," says Ed Carter, senior security analyst in Ohio University's Office of Information Technology. "The risk of theft or loss is just too great."
USB drives are fine for storing lecture notes and presentations, but be careful of files that might contain Social Security numbers, financial information or other data that could cause problems if lost. Such information should remain stored in its secure location and not removed from its source.
If you absolutely must carry sensitive data on a portable device, make sure the device is encrypted.
More information on dealing with sensitive data, including advice on encryption, is available from OIT.