SecureData recently announced the launch of its SecureDrive product line of hardware encrypted external portable USB powered drives. On the back of that, Infosecurity caught up with COO Sergey Gulyayev to talk about why people do not back up regularly, and if recent headlines should encourage better habits.
The new releases include an on-board keypad user authentication and Bluetooth mobile app user authentication methods, while preloaded USB anti-virus software and automatic cloud backup are included. This level of secure backup was added because SecureData believes that businesses are challenged to back up their data, but why is this the case? Gulyayev said that it commonly depends on a number of factors, including: incompatibility, no clear plan forwarded over from staff down and on boarding of new employees.
He also said that small businesses don’t see this as an issue, but not to do it “can be catastrophic” as companies have many systems, different platforms, services and devices, and often there is no back up attached to them.
“Backing up is more defensive and a small business is more focused on revenue generation, so it becomes an afterthought – if thought of at all – and small businesses are not prepared to deal with it.”
Is it the case that backing up is not usually a priority? “Not only that, but businesses don’t consider that something could happen to them and it can be very costly and a business continuity plan is expensive and takes resources that you need to maintain,” Gulyayev said. “If you have hardware and software in place, to have someone on top and testing it pretty regularly adds to the business distraction.”
In terms of his thoughts on “on boarding new employees,” Gulyayev added that when IT has a new starter, they are focused on whether that new employee has the right resources to do their job, but not making sure data is stored properly and in a certain way, and “this is lost in shuffle and if files are not checked and if backup is not in place and not planned and tested in right way, then a company is not ready.”
Gulyayev went on to say that even with an efficient backup plan, it is not always possible to recreate a desktop or server through a recovery service, and sometimes it depends on how things happened. “Sometimes there is no way to recover data if it has been obliterated,” he said, explaining that there are ways to backup on or offsite, and the ideal scenario would be to store in different places and protect those backups in order to keep the business running.
The introduction of the GDPR in May, and 2017’s ransomware attacks, put the spotlight on not only backing data up, but also knowing where your data is stored. Gulyayev was asked if he felt that these stories had driven better acknowledgement and practice around backing up. In terms of GDPR, he said that this had been talked about for a while and it had got businesses thinking about taking better care of their data “and it made companies adapt to a plan as fines are applied if you are not being compliant.”
In terms of data protection, he said that as of May 25 he did not believe that the majority of companies were compliant or had a plan in place that they could follow, and there were not many simple solutions “that work out of the box and make a company compliant” as large quantities of data are collected from numerous devices.
He said that GDPR puts a lot of focus on data, and data should be protected, and the primary reason why data leaks happen is because someone loses a USB stick or drive can easily leak a few gigabytes of data.
This led to the launch of the SecureDrive products, which includes the SecureDrive BT which uses Bluetooth authentication from an app, and the SecureDrive KP which has a physical keypad. Both were launched at Infosecurity Europe this summer, and Gulyayev said that the response was very positive, particularly to the BT option as this is “a brand new way to access military grade encryption with user friendly experience.”
So was GDPR a big driver for adding security functions to the new products? Gulyayev said he would be surprised if GDPR was a driver for anyone, considering the two year head start businesses had, but instead the mindset was about the need to get away from the user being responsible, as when the user has to think and evaluate, “that is when you run into problems and that is what you need to protect – give them a solution that is easy to use out of box, and there is no reason they should lose their data.”
The devices use AES-256 military grade encryption, in order that the data can be stored in as strong encryption as possible. “We do advertise that as a key attribute of the product, and the user really doesn’t need to know how it works, it just works and if it is lost or stolen or there is a malicious attempt to access it, mechanisms will prevent multiple attempts.”