I couldn’t help but recently overhear a conversation while enjoying an outing with my wife at a local café; a university professor was telling a colleague about the horror of losing her USB stick. Looking clearly distraught as she explained the story, I mused about what data could have been stored on the thumb drive: students’ marks, banking information, private photos and videos. The potential fallout is hard to ascertain. “What a nightmare!”, I said to myself as I contemplated whether or not to interject the conversation. Luckily we ended up chatting and I got the chance to bring up encryption and the importance of protecting portable data. What I had to say clearly caught her attention and would bet that going forward she would take whatever steps necessary to avoid being in that situation again.
Encrypting data on flash drives should be a top priority if they are being used to store sensitive data, especially because of their propensity for physical loss due to small size and portability. Think about how easy it is to misplace, drop or simply leave behind. What about the minimal effort required for a thief to walk by and snatch one out of your device? With flash drives reaching terabyte capacity, people are storing more and more data on them without taking into consideration the impact if they were to fall into the wrong hands.
My recommendation is the wonderful freeware encryption utility called “TrueCrypt”. I know many have heard by now that the project abruptly ended in May 2014, but for the time being it remains my #1 choice for protecting my flash drive until there is a viable alternative. I realize the program’s sourceforge page recommends users to switch over to Microsoft’s proprietary BitLocker that only ships with the higher end Ultimate/Enterprise editions of the OS. I’m sorry, but this answer is not sufficient as BitLocker is only supported by Windows OS whereas TrueCrypt is cross-platform (Windows/Linux/OS X). I personally believe that the source code for encryption software should be publicly available for cryptanalysis as was the case with TrueCrypt. In fact, a professional security audit is under way called the Open Crypto Audit Project and so far has not found any evidence of backdoors or malicious code. The reason for the TrueCrypt developers suddenly dropping the project after 10 years is somewhat of a mystery. The bizarre message that appeared on the website stating that development ended after MS terminated support of Windows XP is very cryptic and has fanned the flames of conspiracy theorists worldwide. Many suggest that the developers simply decided to retire the project but I have decided to keep an open mind as like the revelations of NSA whistleblower Edward Snowden revealed, anything is possible.
Well enough of my ranting…back to the solutions…
One of TrueCrypt’s many great features is OTFE (On-the-fly Encryption) also known as real-time encryption. The main advantage is transparency to the user, meaning that you do not have to re-encrypt the files you work with after you’re done using them. There is also a portable mode that will allow you to run the program directly from the USB device without the need for the program to be installed on the operating system as long as you have admin rights. The TrueCrypt v7.1a installation packages and instructions can still be found on the GRC’s TrueCrypt final release archive.
There is an alternate OTFE portable solution for USB flash drives called Rohos Mini Drive that deserves honorable mention. One of the features gives the ability to access the disk without the need for admin rights, however there are several limitations. Please refer to the website for more information.
Another solution is File/Folder Encryption. The disadvantage when compared to OTFE is that encryption is not done in real-time. You need to manually select the files that you want to encrypt and if there is sensitive data that is not part of your encrypted archive, it will be clearly readable by anybody with access to your flash drive. My recommendation for File/Folder encryption is 7Zip which also has a portable app that can be installed and run directly from the USB device without software or admin right dependencies.
The most expensive solution is Hardware-Based Encryption. These secure flash drives are widely available from many vendors, such as IronKey and Kingston. The advantages are that encryption is always active without software or driver dependencies and no learning curve. Encryption/Decryption operations are managed by a built-in chip on the flash drive. The downside is the elevated cost that can easily be 3 or 4 times that of a regular flash drive with similar capacity.
All of these solutions support the AES-256 cryptographic algorithm which is the government standard for encrypting highly sensitive classified information. What this basically means is that unless by chance your flash drive is found by some NSA cryptanalyst, your data should be safe from prying eyes. So if you really care about securing your portable data, go and try one of these great encryption solutions ASAP.