Carrying sensitive data

What do you think about getting an ultra slim USB card (credit card thin) and keeping it in your planner? You can use True Crypt (http://www.truecrypt.org/) (free download) to encrypt the data and keep passwords or any vital information in your planner without distorting the binder with a typical USB key. But you can Google these ultra slim cards. They're $24.95 for 4 GB. What do the experts think about how safe this is (in case the planner gets lost or stolen)?
I don't have a need for a laptop and since almost every computer has a USB port, it would be great to have the convenience of keeping important files "in the planner" and using it on "outside" computers.

Syndicate content

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Beware of "outside" computers

... almost every computer has a USB port ... using ... "outside" computers

While it may be true that USB ports are widely available, the use of software on a removal drive may break security policies. Before using one's own personal software on an "outside" computer make sure that it is permitted. Some organisations consider it a dismissable offence to run any personal software no matter how good the reasons might be for doing so.

Also beware of using encrypted data on outside machines. You do not know what else is installed there; botnets, spyware, keyloggers, snoopware will all have access to the unencrypted data the instance the encryption system presents it to you (as the user).

Good Advice

Ok, thanks for the warnings. If anything, I think this would be a good way for me to go even if it is just to keep my passwords off the hard drives at work and at home, yet have them with me when I need them.

I don't work in a corporate setting and don't work for the government so I'm not worried about getting canned. The computers I would use a USB card on would be on computers at a hospital or surgical center that are maintained by IT departments, but I'll check with them about my intentions.

And just after I posted my original post, I saw that Amazon has the 4 GB credit card thin USB cards for $9.99. http://www.amazon.com/Ultra-Credit-Flash-Drive-Blue/dp/B004N...

This will fit in the back slot of my planner better. Thanks again for the feedback.
Jake

Nice link !

but "the fine print" says that there is a $4.74 shipping charge making the total $14.73.
That's still a decent price for a 4GB flash in the credit-card form.
-----------------------------------
"I think the surest sign that there is intelligent life out there in the universe is that none of it has tried to contact us." (Calvin and Hobbes/Bill Waterson) ***

I would be worried about

I would be worried about HIPPA laws. I doubt they allow the use of USB cards in computers that could have personal medical information in it. I'd be really careful. It sure isn't worth risking your job!

Where did this come from?

Hmmm.......all of a sudden we're talking about HIPAA? Who mentioned private health information? All I'm talking about are passwords, locker combinations, security door combinations, etc. that I can access from a USB card.

Even if I was to download a patient's medical record on the card and bring it up on a computer in the hospital, how would this be a violation of HIPAA? The computers in hospitals that physicians have access to are all about "personal medical information" "in them". That's the reason they are there. Accessing PHI on a patient you are treating is perfectly legitimate and legal as long as it is relevant to your patient's case. There is nothing wrong with plugging in a USB key on a computer in a doctor's dictation room in a hospital, opening a file on the card that contains PHI, editing or adding to some dictation let's say, and saving it again to the same card and removing the card to later print out or save the file in your own private office.
There's enough to be concerned about in the world and in medicine these days. HIPAA violations with a USB card is not one of them for me. Nor is risking my job. I appreciate the thought, but my intention to save and use data on a USB card is not a worry for me in this respect.

HIPAA === Security

My understanding of HIPAA in this respect is that it is the medical community's security standard. If the Pentagon won't let you plug your USB flash drive into one of their machines, chances are that a hospital won't let you do it either.
-----------------------------------
"I think the surest sign that there is intelligent life out there in the universe is that none of it has tried to contact us." (Calvin and Hobbes/Bill Waterson) ***

USB port security

Sometimes people simply won't comply, usually if they think the security reasons are unreasonable.
It became such a problem my employer simply epoxied over all the USB ports on all the work computers, including laptops.

Be very cautious

Concur. Beyond the valid security issues, using external flash drives is a very good way of transmitting or receiving malware. Your flash drive might be clean, but the computer he's plugging into might not be. It's a real risk.

And, using a hospital computer is even riskier because so much confidential data are on their networks.
-----------------------
"If you tell the truth you don't have to remember anything." - Mark Twain

So noted

I guess there is risk involved. But this talk about risk and worry has me putting this simple idea of mine into perspective. I participate in much more risk in the other things I do and worry about much greater and important things than malware on my USB card or personal computer. Having my passwords, combinations, provider #s, etc. always with me and viewing them on an outside, trusted computer from my own USB card is a risk I'm willing to take.
I spoke with the IT dept. at the hospital. They said it would be fine if I were to use my own USB card on their machines just to open a Word file and not save anything to the card. They have an encrypted USB key that they'll give me if I want to save data to an external source. Since their data is encrypted, I would need their encrypted USB key to be able to save data from their system. It is because there is confidential data on their system that makes me trust the security of their system. Other than a Veterans Admin. Hospital, there is no reason to think that the rules that apply to the government, apply to a hospital.
BTW, my 4GB, credit card thin, USB card arrived today. I think it's awesome and I'm looking forward to the convenience of having it in my planner.

$25 for a 4gb flash drive ?

Way too much money for a bunch of plastic around the actual drive.
I found these drives on Amazon. The 4GB is $11 and you can get an 8GB for $17 and a 16 GB for $29.

Also, I will second the opinion expressed by reepicheep.
You will get slammed by Security if you get caught plugging a personal flash drive into a corporately or government owned computer. Your idea has merit, but you have to consider all possible side-effects.

Check out these links:
Majority of employees plug unknown USB flash drives into company PC's
Pentagon Confirms 2008 Computer Breach — 'Worst Ever'
IBM Distributes USB Malware At Security Conference
-----------------------------------
"I think the surest sign that there is intelligent life out there in the universe is that none of it has tried to contact us." (Calvin and Hobbes/Bill Waterson) ***