Using an encrypted flash drive: general instructions

Regardless of what is stored on the flash drive, do not use the drive on computers if you are not sure of their administration; this includes public computers at libraries, internet cafés or at your friend's house. Your password might be compromised without you noticing, and some time later the flash drive with sensitive information on it might go missing.

Never save both public and sensitive material on the same flash drive. You should also never use the same flash drive for multiple purposes, such as saving both personal documents and sensitive research materials.

Encrypted flash drives are not under the University's central administration, so IT support is unable to access the data stored into their memory or help with forgotten passwords. The password on a flash drive can be entered wrong 10 times, after which it is locked down and the information on it is permanently deleted. It is possible to restore the flash drive back to use, but doing this will delete all data on it.

Rules and instructions for using an encrypted flash drive

• A person who has signed out an encrypted USB flash drive agrees to follow the rules related to the use of flash drives.
• Each employee is responsible setting a strong password for the flash drive, and for handling the drive reliably so that the drive and the data on it do not fall into the wrong hands.
• If there are files of security rating TLIII or II saved on the flash drive, it should be kept in a secure locker or, if possible, in a safe when it is not being used. Especially transporting sensitive data unnecessarily should be avoided.
• The flash drive is only intended as a temporary transfer media, and long-term storage of data on it is forbidden.
• The USB flash drive must be handled according to the rules of handling sensitive items and material The flash drives are intended only for work-related use in University of Helsinki business. Using them for other purposes is not allowed.
• USB flash drives are personal, and may not be borrowed or passed on for anyone else to use. Giving the password for the flash drive to another person is also not allowed.
• At the end of employment, flash drives that have been signed out must be returned without separate prompting to the person responsible for administering USB flash drives.
• A virus and malware check must be performed immediately after plugging a flash drive into a computer. If a virus or malware is detected on the flash drive, notify Helpdesk immediately and follow the instructions you receive.
• Before confidential material received from a partner is saved on an encrypted USB flash drive, the USB flash drive must be empty. Also, the password set for the drive must be at least 15 characters long.