CIS Safeguard 3.9: Encrypt Data on Removable Media

CIS Safeguard 3.9: Encrypt Data on Removable Media

By Steve Gold
Posted in Security
On May 06, 2025

Written with contributions from Bryon Singh, Director of Security Operations, RailWorks Corporation

Encrypting Data on Removable Media: The "Q" of Cybersecurity

In the thrilling world of James Bond, "Q" is the gadget master, equipping 007 with state-of-the-art technology to keep his missions secure. From encrypted briefcases to self-destructing drives, Q ensures that Bond's classified information remains out of enemy hands. In the realm of cybersecurity, encrypting data on removable media plays a similarly crucial role in safeguarding sensitive information from falling into the wrong hands.

The Importance of Encrypting Data on Removable Media

Much like the high-stakes operations in a Bond movie, organizations deal with critical data that can be vulnerable when stored on removable media like USB drives, external hard drives, and SD cards. CIS Safeguard 3.8 emphasizes the necessity of encrypting this data to protect it from unauthorized access, even if the physical media is lost or stolen.

Steps to Encrypt Data on Removable Media
  1. Identify Sensitive Data: Start by identifying data that needs encryption. This could include personal information, financial records, intellectual property, and other critical data that, if exposed, could lead to significant harm.
  2. Choose Encryption Tools: Equip your organization with reliable encryption tools. Just as Q provides Bond with cutting-edge gadgets, select trusted software solutions that offer strong encryption standards. Tools like BitLocker, VeraCrypt, and other encryption software can be used to secure your data.
  3. Implement Encryption Policies: Establish policies that mandate the encryption of all sensitive data on removable media. These policies should be part of your organization's broader data security strategy, ensuring consistency across all departments.
  4. Educate Employees: Just as Bond is briefed on his new gadgets, employees should be trained on the importance of encrypting data and how to use encryption tools effectively. Provide clear guidelines and regular training sessions to keep everyone up to date.
  5. Regularly Update and Review: Like Q's constant innovation to stay ahead of adversaries, regularly review and update your encryption methods to adapt to new threats and technological advancements. Ensure that your encryption tools are always up to date with the latest security patches.
  6. Monitor and Audit: Keep a close eye on the use of removable media within your organization. Conduct regular audits to ensure compliance with encryption policies and identify any potential security gaps.
Benefits of Encrypting Data on Removable Media

Implementing CIS Safeguard 3.8 and encrypting data on removable media offers several key benefits:

  1. Data Protection: Encryption ensures that even if removable media is lost or stolen, the data remains inaccessible to unauthorized individuals, protecting sensitive information from exposure.
  2. Regulatory Compliance: Many regulatory frameworks require the encryption of sensitive data. Compliance with CIS Safeguard 3.8 helps organizations meet these requirements and avoid potential fines and penalties.
  3. Reduced Risk of Data Breaches: Encrypting data minimizes the risk of data breaches and unauthorized access, safeguarding the organization's reputation and customer trust.
  4. Peace of Mind: Knowing that sensitive data is encrypted provides peace of mind, allowing organizations to focus on their core operations without constantly worrying about data security.

Just as James Bond relies on Q's gadgets to stay one step ahead of his enemies, organizations must leverage encryption to protect their valuable data on removable media. By implementing CIS Safeguard 3.8, you can ensure that your sensitive information remains secure, no matter where it's stored or who might get their hands on it.

Resources

Here’s a link to the Data Management Policy Template for CIS Control 3 provided free of charge from the fine folks at the Center for Internet Security.

Looking for even more detail? Here you go. If this still doesn’t satisfy your curiosity, DM me.

CIS Control 3 – Data Protection

Develop processes and technical controls to identify, classify, securely handle, retain, and dispose of data.

CIS Safeguard 3.9 - Encrypt Data on Removable Media

Encrypt data on removable media.

Steve Gold

Steve Gold

Steve Gold is the Cybersecurity Practice Director at Gotham Technology Group (Gotham). He is responsible for providing the vision and thought leadership to expand Gotham’s legacy of success and build a world-class cybersecurity practice. He works closely with Gotham’s customers, industry partners, and subject matter experts to develop relevant solutions for Gotham’s clients and prospects.

Prior to joining Gotham, Steve worked with the Center for Internet Security (CIS), where he expanded the global reach, revenue, and impact of the CIS Benchmarks, CIS Controls, and CIS Hardened Images. He led the efforts to promote the CIS portfolio of low-cost and no-cost cybersecurity products and services that help private and public organizations stay secure in the connected world. He grew a team of security specialists from 12 to over 40 to assist organizations with implementing security best practices in their continual journey of cybersecurity maturity.

During his more than 20-year career, Steve led teams responsible for developing and implementing technology solutions at some of the industry’s most recognized companies such as Varonis, VMware, Dell & Wyse Technology

Steve is a frequent speaker/moderator at industry conferences and webinars, covering a wide array of information security topics. He resides and works remotely in Baltimore, MD.