ITSS Home IT Security Tools and Tips Security Shorts

How to Secure Data on a Thumb drive

Estimated time to complete: 30 mins.

If you use a thumb drive, you know how convenient it is for transporting your data, and how easily it could be misplaced. If you do lose physical control of your thumb drive due to loss or theft, you can still protect the data inside of your thumb drive by making it electronically inaccessible. This is particularly important if you use your thumb drive to store information that is personal and private (PPI), because in the wrong hands, PPI could be used to commit identity fraud.

Encryption is the standard technique used to protect data on devices susceptible to loss or theft. Several USB Flash Drives come with built-in Encryption Software. For example,

• The Lexar Jump Drive Secure II
• The Kingston Data Traveler Secure
• The SanDisk Cruzer Titanium

Overview

Inserting a thumb drive into a USB port of a Windows system is essentially adding another drive which has its own letter name to your computer. You store data on the thumb drive by saving or copying files to that new drive letter.

The encryption software on the thumb drive allows you to create yet another drive letter in addition to that drive. This drive letter is the encryption “vault;” files saved to this second thumb drive letter will be automatically encrypted. This documentation will show you how to update the encryption software if necessary, then how to use it to set up the encrypted vault in which to save your documents.

Step 1: Insert your thumb drive

1. This trident symbol appears on both your thumb drive and the appropriate port on your tower or side of your laptop. Insert your thumb drive into the port with this symbol.
2. A welcome screen may appear. If so, click Continue.
3. This message may also appear at this point. Updating your software in Step Two will eliminate this issue. For now, click OK to continue.



4. When you insert your thumb drive, Windows will automatically recognize it and present you with several options. Choose Open folder to view files using Windows Explorer and click OK.



Windows Explorer will reveal the contents of the thumb drive. For a new Lexar Jump Drive Secure II, the view will look similar to this:




NOTE: The assigned drive letter in this example is H:\, but the drive letter may differ for your computer.

Step 2:  Update your encryption software

Before you begin encrypting your thumb drive, make sure that you are using the latest available version of the encryption software. To check:

1. Close all windows and the Secure II dashboard, if it has appeared.
2. Look at the bottom right-hand corner of the screen for a small padlock icon.
3. Click the icon. Click About in the menu that displays.



4. In the About pop-up window that opens, if you see a Check for Updates link, click it.

NOTE:  If this link doesn’t appear, your thumb drive has the most recent software and you can skip to Step 3. Otherwise, continue following the instructions.



5. You will be directed to a Lexar web site: http://www.lexar.com/updates/SecureII10.html. Scroll to the bottom of the page and click Secure II for Windows.
6. In the pop-up box that reads Do you want to open or save this file?, click Save.



7. Save compressed (zipped) folder to your desktop. The file is named SecureII20_Win.zip and contains the updated software. When the download is complete, click Close.



8. Navigate to your desktop where the compressed folder is saved. Right click the folder to display a pop-up menu. Click Extract All… This will open the Compressed (zipped) Folders Extraction Wizard. Click Next.



9. An Extraction Wizard will open. Click Next.



10. In the Select a destination window, browse to My Computer, and then directory where the thumb drive’s software is stored. Choose the drive that contains SECURE II. Click OK.
11. You may get a message asking if you want to overwrite the files. If so, click Yes to all.
12. When the extraction is complete, uncheck the Show extracted files box and click Finish. You are done updating the software.

Step 3:  Go to the folder containing the encryption software

On the Lexar Jump Drive Secure II, the Windows version of the encryption software (Example: SecureII.exe) is stored in the drive letter that Windows originally assigned to the inserted thumb drive.

1. Double-click the SecureII folder
2. Double-click the Windows folder
3. Double-click the SecureII.exe icon and then Continue to bypass the welcome screen. This will launch the Secure II Dashboard.

Step 4:  Create an encrypted container

When you create the encrypted container or “vault,” there will be two drive letters associated with the thumb drive.  In this example, drive H:\ contains the SecureII.exe program that was originally launched to create the encrypted “vault.” New drive L:\ is the encrypted “vault.”

1. From the Secure II Dashboard, click Encrypted Vault, and then Create:



2. This will launch a three-step wizard process where you define a name, size and password for the container or “vault” that will hold your encrypted documents:
To minimize confusion, encrypting the entire thumb drive in Wizard Step 2 is recommended.
• Wizard Step 1: Name=Thumb-Encrypted; use the default location.
• Wizard Step 2: Size = When allocating a portion of the drive for encryption, leave some free space for future software upgrades (say 50MB).
• Wizard Step 3: Use a long “pass-phrase” instead of a password such as “Rudolph is my favorite reindeer!” to create a strong password that is easy to remember. 



TIP: There is no need to change the Assigned Drive Letter and avoid the use of password hints. Instead, see the ITSS Security Short on Managing Your Passwords for suggestions on how to safely keep track all your passwords.

3. After you have specified a name, size and strong password for the vault that will hold your encrypted documents, click Finish.

It takes approximately nine minutes to format the 1GB Jump Drive after which the newly created encrypted container will be “mounted” and accessible via a new drive letter.

NOTE:  Since most of the thumb drive space is now allocated to the encrypted volume, there is no room to store files anywhere else. You can only save files on drive L:\ and those files will be automatically encrypted.

Step 5:  Exit the Secure II application

1. Close the Explorer Window that has the encrypted drive letter (Example: drive L:\) open. This is necessary because you can’t close the encrypted vault while an application, such as Windows Explorer, has it open.
2. On the Secure II “Dashboard,” click Exit.



You will be given notice that the newly created encrypted vault will be unmounted, which means that the drive letter will no longer be accessible:



3. Since the thumb drive can’t be used for anything else but storing encrypted files, check the option to Safely remove my JumpDrive device.  Now click Yes and physically remove the thumb drive from the computer.

Step 6:  Use your encrypted thumb drive

1. To store files on your newly encrypted thumb drive, follow these steps:
• Insert the thumb drive into a Windows (or Macintosh) PC. The Dashboard will appear. (If it doesn’t, click the padlock in the lower right corner of the screen.)
• Click on Encrypted Vault
• A window will appear with the title “Use vaults to encrypt/decrypt your files on-the-fly”
• Click to highlight the previously created vault (thumb encrypted in this example)
• Click Mount



• Enter the password or phrase that protects the encrypted volume. Notice the Assigned Drive Letter under which the encrypted volume will be mounted. In this example, the drive letter is F:\



2. Click Mount
3. Minimize but do not close Secure II Dashboard to get it out of your workspace

Now you can copy or save files to the newly mounted volume via the Assigned Drive Letter. Any file that is saved or copied to this drive letter will be automatically encrypted when the drive is unmounted.

Step 7:  Unmount your encrypted thumb drive

1. Close any programs, such as Windows Explorer, that might be accessing the thumb drive.
2. Maximize the Secure II Dashboard  application (previously minimized in step 6 above)
3. Click Exit
4. Check the box to Safely remove my JumpDrive device then click Yes
5. Physically remove the thumb drive from the PC

Deleting the encrypted portion of your thumb drive

You may want to delete the encrypted portion of your thumb drive and “start over” for a couple of reasons:

• You forgot your password and, therefore, cannot access the encrypted portion of the thumb drive nor any of the files within it. Since the encrypted portion of the thumb drive takes up nearly all of the space on the thumb drive you need to delete it (and all the files contained within it) in order to reclaim the space and use the thumb drive again.
• You want to reconfigure the thumb drive. For example, you want to have space for both encrypted and unencrypted files. In this case, make sure you save any needed files on a different drive before removing the encrypted volume.

To delete the encrypted volume (and all encrypted files):

1. Insert the thumb drive into a Windows PC
2. Select the option to Open folder to view files using Windows Explorer
3. Navigate to the following sub-directory: drive:\SecureII\Vaults
4. Delete the file named Thumb-Encrypted (or whatever name you chose for the vault during step 4 above)