Try for free
    26.07.2021

    Protection of storage media

    Potentially storage media is the source of security issues due to its small size and portability. It is difficult to track who uses them and in what way. It is not always clear what to do in case of damage: how to restore data and whether it is right to throw storage media away. In this article, we are speaking about the main issues with storage media and ways to minimize the risk of them.

    Let’s remember the terms.

    Information is data in printed, graphic, and other form. It can be saved on different storage media: from paper to digital ones.

    Storage media is a material object designed for burning, storing or transmitting information. More often we save information on storage media that can be read with a computer – they are USB-flash-drives, memory cards, hard disks, CD, DVD disks, and others. These media can get old, damaged, lost, and so on.

    So, information protection includes storage media protection against damage, theft, loss and copy.

    What measures do minimize the risk of storage media threats?

    Let’s consider the main problems and ways to solve them.

    Issue: loss, theft. Storage media can be stolen or lost by employees as well as third parties.

    Solution: to minimize the risk of storage media loss or theft, it is necessary:

    • To arrange severe media access mode, surveillance system and signal system.
    • To store media in a safe place. For instance, in a safe deposit box.
    • To log all attempts to use storage media.

    It is also useful:

    • To use storage media belonged to company.
    • To forbid employees to use personal storage media.
    • To forbid using storage media outside the office.

    It is important to take measures not only to prevent loss or theft, but also protect in case a third party happens to get company’s storage media. Often 2 technologies of protection against unauthorized access to data are used:

    • Authentication helps to understand whether a person is real.
    • Authorization will show what a person can access, and what they can’t.

    Issue: copying of information. This problem relates to theft and loss. In case third parties get storage media or employees with different reasons try to make a copy, it is necessary to protect against copying.

    Solution:

    • Encryption. If fraudulent actors don’t have a decryption key, they cannot read data. To encrypt, special software can be used or hardware-based SSD can be bought.
    • Software solutions that prevent from copying information. For example, DLP systems.

    Issues: damage. Storage media are damaged for a reason and without one. This process is hard to control. So, what can we do?

    Solution: to prevent against damage, it is useful to know the peculiarities of different storage media. For example:

    • Hard disks are sensitive to electromagnetic emission.
    • Blu-Ray, CD, DVD disks are sensitive to sunshine. They also have fragile structure.
    • Many storage media are sensitive to physical damage.
    • Most of storage media are damaged because of frequent usage.

    That is why, to minimize the risk of damage, it is necessary:

    • To use storage media carefully: don’t leave them under the sunshine; don’t expose media to electromagnetic emission; don’t drop, throw, scratch them.
    • Regularly check their condition and operability. If there are problems, substitute media.

    Back-ups will help to restore data in case of loss, theft, damage. It would be better if employees make a back-up when creating a new document. It is better to have more than one copy of a document and save these copies on different storage media. Then there will be less problems when restoring information.

    Issue: getting rid of storage media. If storage media is damaged, don’t throw it away. There will be consequences. For example, somebody can extract memory chip out of USB-flash-drive and try to read information.

    Solution: it is necessary to get rid of it properly.

    • Hard disks must be demagnetized.
    • Optical drives must be cut or destroyed.
    • USB-flash drives must have their memory chips removed.
    When arranging information protection, it is necessary to remember about storage media protection. If everything is done correctly and requirements are followed, the risk of information loss will be minimized.

     

    Important publications

    The SecureTower DLP system

    • Protection against data leaks caused by employees
    • Control of employees' work on computers
    • Identification of potentially dangerous employees (risk analysis)