Encrypt your memory sticks (HMG)

Yet another security breach fo the Home Secretary to wrestle with. This time PA Consulting managed to lose a memory stick containing some rather sensitive information. According to the BBC, “The …

By
25th August 2008 at 5:45 pm

Yet another security breach fo the Home Secretary to wrestle with. This time PA Consulting managed to lose a memory stick containing some rather sensitive information. According to the BBC, “The memory stick contained un-encrypted details about 10,000 prolific offenders as well as names, dates of births and some release date of all 84,000 prisoners in England and Wales – and 33,000 records from the police national computer.”

It’s quite unbelievable that the information was not encrypted before placing it on the stick. Or that the stick didn’t have some built-in encryption itself.

“It can’t be rocket science,” thought I. And, in about two minutes, I’d Googled an answer. It’s possible to encrypt these drives easily and at zero cost, apart from some time, using an open source program from TrueCrypt.

So, for anyone uneasy about securing the information that leaves their organisation on memory sticks, here’s how to protect yours. If it looks too techie, give this blog and your sticks to a techie and he or she will sort you out. A special folder will be created on the stick which, when plugged into a computer, acts exactly like a disk drive. Except, of course, everything in it is encrypted.

Preparing an encrypted drive on your memory stick

1 ) Visit TrueCrypt http://www.truecrypt.org/downloads.php and download the version for your computer type. The instructions that follow are biased towards a Windows PC. (Vista in my case.)

2 ) Run the downloaded program, accept the licence terms and select the ‘Extract’ option. This puts all the TRUECRYPT files into a folder.

3 ) Empty the memory stick of its contents – I copied mine to a folder on my computer and then deleted them.

4 ) Copy across TrueCrypt.exe, truecrypt.sys and TrueCrypt Format.exe from the TrueCrypt folder to your memory stick. They may come in handy when you go to another computer.

5 ) Run TrueCrypt.exe from your computer or from your stick and click on Create volume then, in the dialogue that appears, choose the ‘Create a file container’ option. Click Next.

6 ) In the Volume Type dialogue that appears, choose ‘Standard TrueCrypt volume. Click Next.

7 ) Type the drive letter of your thumb drive followed by : then the name you want to give the folder. I chose f:myfolder. ‘Never save history’ is already checked, so I left it alone. Click Next.

8 ) You’ll be asked to choose your encryption options. Unless you have mugged up on the subject, you may as well accept the defaults. Click Next.

9 ) You’re shown how much space you have and are invited to provide a container size. I was using a 500MB card, so I settled for 400MB, in case I needed to keep some non-encrypted files on the thumb-drive as well. (Such as the TrueCrypt files that I copied just now.) Click Next.

10) Now it’s time to provide the password. Helpful suggestions are provided on screen. Hope you don’t mind if I keep mine a secret! I left ‘Use keyfiles’ and ‘Display password’ unchecked. Click Next.

11) Waggle your mouse over the next box for thirty seconds or so in order to generate an encryption key. Accept the defaults (unless you know what you’re doing) and click Format. Wait until a dialogue box appears to announce that it has finished – it will be a little while after the on screen counters stop counting.

12) A ‘Volume Created’ dialogue box appears. Click OK then click Exit in the Volume created dialogue.

That’s it. 12 steps that need to be taken only once to protect (part of) a thumb drive. Is this too much to ask of government employees and contractors?

Mounting the encrypted drive

Whenever you want to use the encrypted part of the drive, you need to run TrueCrypt. If it’s not on the target machine, run it from your memory stick.

The first thing you need to do is to assign the encrypted folder to a spare drive letter. TrueCrypt provides a list of spares – take your pick. Z is good, and unlikely to be claimed by the system for anything else.

Use ‘Select file…’ to locate your encrypted folder on the memory stick. Click Open.

Now Click Mount.

You will be asked for your password. Provide it and Click OK.

You will see that details appear against the appropriate drive letter. You can open it immediately by double clicking on it.

You will not be asked for your password again until you need to remount the drive.

Using the encrypted drive

Now just use it as a normal drive – you can open files and drag and drop them just as you would on any other drive.

When you’re done, choose the dismount option from TrueCrypt. You should then perform the ‘Eject’ operation if available (right-click the device in the ‘Computer’ or ‘My Computer’ list), or use the ‘Safely Remove Hardware’ function (built into Windows, accessible via the taskbar notification area). Otherwise you could lose some data.

If you have a power cut or the memory stick is removed any other way, the content of the encrypted folder always remains encrypted

A user guide is provided as part of the download. It will give you all sorts of additional clever tricks and advice. But what I’ve outlined here is safe. It works.

Perhaps someone should tip off PA Consulting and the Home Office about this blog …

#646464

David Tebbutt is an award-winning columnist and feature writer who specialises on the subject of using software and technology to increase business productivity. He's an analyst with Freeform Dynamics but, in previous lives, wrote for Director magazine, Real Business and was also editor of Personal Computer World. http://freeformdynamics.com

Commenting Is Easy

Do you agree with this blog post? Disagree? Have something to add that others might find helpful? Then please leave a comment in the box below.

If you'd like to have your image included next to your comments here, then you can set yourself up with an avatar in just a couple of clicks.

  1. As you say, encryption is easy. The Justice Ministry data was lost because it was there to be lost.

    The real question remains: Why should such sensitive data be removed in the first place?

    I am not convinced that losing sensitive data on an encrypted device is really any better than losing unencrypted data, the principle of neglect remains.

    The latest debacle is symptomatic of a shoddy ignorance when it comes to securing sensitive information. Why can’t HMG apply the same handling rules for databases that they apply to printed documents in secure registries?

  2. Good question Colin.

    Accepting that government departments, agencies and suppliers are incontinent when it comes to our records, I figured it worth showing how trivial a reasonable fix would be. And, more to the point, show our readers how easily they could deal with the same issue themselves.

    Then comes the much harder bit of changing the culture…

  3. Lee says:

    Just wanted to say thank you. The news story bought to my attention the lack of security on my own memory stick (nothing quite as sensitive as the recent news) and thanks to your very useful and informative blog I now know how damn easy it actually is.
    Thanks again.

  4. Hey. Thanks for the thanks, Lee. And you’re very welcome.

  5. Thanks very much for these clear instructions. It is something I’d been planning on doing for ages and, while it took more than a few minutes, it was certainly a lot easier with your notes.

    Best wishes, Graham.

  6. Glad to be of service Graham.

  7. Bo Vestergaard says:

    It is quite strange how something so easy can be impossible for “The Government”. At my work place no one would allow me to carry a picture of my cat without it being encrypted. Yet, personal records are not encrypted.

    I never used the particular software you mentioned (TrueCrypt) but I just noticed the software is available both for Windows and for Linux (I run Linux). Has anyone tried to encrypt files on one platform and open them on another platform? If I could save files in Linux and open them in Windows then it would be very useful.

    By the way, thanks for the article 🙂

    Bo

  8. Hi Bo
    I run Windows Vista. Contact me if you want to experiment with Windows Vista.
    David

  9. Yeast says:

    Interesting article – just one hitch with Truecrypt – you need to have admin rights on the machines that you plug your USB stick into in order for Trucrypt to either a) load the correct driver to carry out on the fly encryption or b) install Truecrypt on the machines that you use.

    As most organisations secure their PCs for use by ordinary users and restrict administrative privileges, it is unlikely that Trucrypt could be used effectively with multiple secure work PCs, unless the IT department has set things up to allow use of Truecrypt.

    Saying that, Truecrypt is a fantastic piece of software, and perfect for many requirements.

Leave a comment

Photostream

Listen to the sales podcast for SMEs Subscribe to the podcast on iTunes

PARTNER PROMOTIONS

If looking to boost your businesses performance with promotional marketing, travel incentives or incentive schemes get it touch with NDL Group