

Encrypting your USB drive is the best bet. You need to make sure of a few things in order to force compliance to the company policy:

1) The encryption software must be BOTH 256-bit AES level encryption AND FIPS 140-2 compliant.

2) Your company's enterprise environment needs to have GPOs in place that FORCE encryption of ANY USB drive that is inserted into a workstation.

3) Assign a security custodian within IT to manage who is issued a company-approved USB drive. These drives will be set up in the IT department and married with the network encryption and have a password set on them. By doing this, you can treat the company-approved USB stick like a traditional 'plug-n-play' drive while it is on-line with the company network, but the minute it is off-network and you try to access the drive it will prompt for a password to 'unlock' the drive. Makes it easy for your users and difficult for anyone that is not supposed to have access to it.

4) Any passwords that are used should follow strong password requirements, i.e.: CAPS, lower, numbers, special characters and a minimum of 8 characters long.

5) Using GPOs, also force encryption of ANY removable media. What's the use of employing the USB encryption policy if a user is just going to copy it to DVD?!?!

6) Set up your network to alert your IT Security folks if an unauthorized USB device is detected on the network.

7) And the MOST important aspect of a good cyber security stance is what I like to call End-User-cation. EDUCATE your users as to WHAT you are doing, WHY you are doing it, WHO it applies to, and HOW it will impact their work.
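One way to implement the alerting on unauthorized USB devices against the custodian's list of company-approved drives described in the post, as an added example that is not part of the original post. The key=value event format, host names, users and serial numbers are constructed for illustration and do not come from any specific product.

```python
import re
from dataclasses import dataclass

# Custodian's register of company-issued drives (constructed): serial -> user.
ISSUED = {"AA11BB22CC33": "jdoe", "DD44EE55FF66": "asmith"}
# Constructed endpoint events in a hypothetical key=value log format.
SAMPLE_EVENTS = """\
2024-05-01T09:12:03Z host=WS-014 user=jdoe event=usb_storage_attach serial=AA11BB22CC33 encrypted=yes
2024-05-01T09:40:51Z host=WS-022 user=bwong event=usb_storage_attach serial=0123456789AB encrypted=no
2024-05-01T10:05:17Z host=WS-031 user=bwong event=usb_storage_attach serial=DD44EE55FF66 encrypted=yes
2024-05-01T10:30:00Z host=WS-014 user=jdoe event=logon
2024-05-01T11:02:44Z host=WS-014 user=jdoe event=usb_storage_attach serial=aa11bb22cc33 encrypted=no
"""

FIELD = re.compile(r"(\w+)=(\S+)")

@dataclass(frozen=True)
class Alert:
    timestamp: str
    host: str
    user: str
    serial: str
    reasons: tuple

def find_violations(log_text, issued=ISSUED):
    """Return an Alert for every USB storage attach that breaks the policy."""
    alerts = []
    for line in log_text.splitlines():
        timestamp, _, rest = line.partition(" ")
        fields = dict(FIELD.findall(rest))
        if fields.get("event") != "usb_storage_attach":
            continue
        serial = fields.get("serial", "").upper()  # normalise serial case
        user = fields.get("user", "unknown")
        owner = issued.get(serial)
        reasons = []
        if owner is None:
            reasons.append("drive not in custodian register")
        elif owner != user:
            reasons.append(f"drive issued to {owner}")
        if fields.get("encrypted") != "yes":  # missing field counts as unencrypted
            reasons.append("volume not encrypted")
        if reasons:
            alerts.append(Alert(timestamp, fields.get("host", "unknown"), user, serial, tuple(reasons)))
    return alerts

if __name__ == "__main__":
    for a in find_violations(SAMPLE_EVENTS):
        print(f"{a.timestamp} {a.host} {a.user} {a.serial}: {'; '.join(a.reasons)}")
```

The check fails closed: an attach event with no serial or no encrypted field is reported rather than silently passed.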
