Why are so many USB sticks unencrypted?

At the end of each month I publish an article listing the major cyber attacks and data breaches that have taken place. When researching breaches for this list, I can’t help but notice how many breaches occur due to unencrypted devices being stolen, especially USB sticks.

The State of USB Drive Security in Europe study revealed that the data breaches that can result from lost or stolen USBs are huge.  More than 62% of respondents in this study say that they are absolutely certain (31%) or believe that it was most likely (31%) that a data breach was caused by sensitive or confidential information contained on a missing USB drive.

Unencrypted USB drive stolen, 3,000 Humana members in Atlanta impacted

–          In Georgia, nearly 3,000 members of health care provider Humana are being notified that their personal information – including Social Security numbers – may have been compromised after an encrypted laptop and unencrypted USB drive were stolen from an associate’s vehicle.

Missing thumb drive puts 3,500 Texas cancer centre patients at risk

–          More than 3,500 patients of The University of Texas MD Anderson Cancer Centre may have had personal information compromised after a researcher’s unencrypted USB thumb drive went missing.

Two points:

Firstly, sensitive information shouldn’t be copied onto portable storage devices, in my opinion. If you’re in a situation where you absolutely need to transport sensitive information then strong encryption should be used and the data should be removed from that device once its job is complete. I have a SafeXs 3.0 encrypted USB stick that holds a few photos, music and a couple of documents, none of which are sensitive but I’ve made it a habit to secure any of my information and I suggest that you do the same.

Secondly, if you’re going to put sensitive information on an unencrypted USB stick, DON’T LOSE IT. In 2010, 17,000 USB sticks were left at dry cleaners.