If you are a healthcare professional you have a duty to maintain the security of patient identifiable data. Within your job you sometimes need to use a USB key to transfer lists or letters between computers. If you lose your un-encrypted USB key with patient identifiable data then it may deemed negligent and you may face disciplinary action. In this how-to I will talk through how to setup an easy to use secure software encryption scheme for a USB stick/key for use with Windows.
You need to take care of PID (patient identifiable data) but you don’t have the time to learn the ins and outs of encryption schemata. Even if you use your USB key to transfer the data and then delete it, if you were to lose the key and it fell into unscrupulous hands it possible that someone could read even the deleted files.
TrueCrypt is an open source, free application that allows you to use tried-and-tested NHS approved encryption methods. It can be set up to automatically load when you plug the USB key into the PC.
How Does it work?
When you plug a USB stick into a PC it usually mounts the drive as a drive letter (F in this example). When TrueCrypt is running and you have entered your password you will be greeted by a second drive letter, this is the encrypted one. The files on this new drive will only be decrypted and visible to you once you have typed in your password. Existing files on your USB key will not encrypted, only ones added to the new drive letter. You have to store the encrypted files in a container I have called ‘secretfile’, but you could call it anything you wish. If someone found your USB key the encrypted data will all be enclosed safely within your file container ‘secretfile’ which someone could see exists but they would not be able to view the actual contents of the file without obtaining your password.
1. Download the newest version of TrueCrypt from here.
3. Double-click on the downloaded file and it will run. You will be warned that the file has come from the internet, this is OK.
4. Accept the default terms and conditions and then select extract rather than install. You do not want to install the program on your computer as this would probably be in breach of your local IT guidelines.
5. Extract the files to your desktop, leave the box ticked that allows you to open the folder once extracted.
6. This new folder will pop-up. Plug your USB key in and note what drive it comes up as. (eg F:)
6. Run the program called “TrueCryptFormat.exe” by double-clicking on it.
7. Select “Create File Container”, then “Standard TrueCrypt Volume”
8. Where it says Volume Location, enter “F:secretfile” (substituting the drive letter of your USB key if it is not F.) This is the container in which your encrypted files will be stored.
9. Keep the standard options on the next screen, that of AES and RIPEMD-160.
10. You need to tell the program the size of the encrypted drive you want to create. The container produced will use up that amount of space, so if for instance you created a 100MB encrypted drive, this would take up 100MB of un-encrypted space on your USB key, even if the encrypted area was ’empty’. You may wish to leave room for un-encrypted data. The amount of free space should be displayed to help guide you.
11. Next enter your password, the strength of your password is critical, see below for details on this.
12. Click next and your encrypted drive should now be created, this may take a few minutes depending on the size of your key and speed of your computer.
13. Once complete close the window.
14. Now open the file called “TrueCrypt.exe”, go to the “Tools” option on the menu, then “Traveller Disk Setup”.
15. Under file settings specify the location F:\truecrypt, (changing the drive letter F to whatever the current drive letter is for your USB key). Where it asks for autorun configuration select “Auto-mount”. In the box where it says “file to mount” enter secretfile .
16. Click create, when done, close all windows that you have opened and remove the USB key.
How to use
1. Insert USB key. You should get the following popup, select “Mount Truecrypt Volume” and then enter your password at the next prompt. A window should pop up with a new drive letter but there will be no files, yet.
2. To copy files to the new encrypted area just drag and drop as if it was a USB key.
3. To remove the USB key first dismount the key by clicking on the TrueCrypt logo on the right hand side of the status bar and select “Dismount all devices”
What is Encryption?
When you use your password to get into a website it is used to compare it with a list of usernames and paswords to confirm your identity and let you in, that means if you lose your password your supervisor can look it up and remind you of it.
Encryption is different. Think of encryption as your data being scrambled using your password, and not even your supervisor or boss can access it. This means if you lose your password then you can’t get your data back.
How secure is AES-256 Encryption?
It is secure… secure enough for the US government for use with “Top Secret” information. Your encryption, however, is only as strong as your password.
The easiest way to “crack” or hack your encrypted USB key would be to try common passwords or run through the dictionary. The longer and more complicated your password, or pass phrase the safer your data. Try using a password with at least 8 letters, use upper and lower case and numbers. Use more than one word or use a combination of your favourite non-English language words. This is an example of a strong password. “Love”, “Password”, “Arsenal” or your name are all examples of weak passwords.
Your local IT department may not allow you to use programmes that run off the USB key because you may not be running as an “administrator”