Does your company have any policies in place regarding how USB drives are used?
USB drives have been popular for quite some time, especially for busy employees who need quick access to data across a variety of different machines. Individuals can simply carry a USB drive around with them and move data between computers with ease.
While there’s no denying their ease of use, this flexibility doesn’t come without a number of shortcomings. A recent study published by Apricorn revealed some truly surprising statistics. The study showed that 87% of those surveyed had either lost or had a USB drive stolen without notifying their employer. In addition, 80% of those surveyed reported using USB drives that were not encrypted – many of which had been given to employees by vendors or received at trade shows.
Risks associated with using USB drives in your organization
If your organization doesn’t have a strong policy on how USB drives are used, you should understand the risks they pose:
USB drives can be reprogrammed in a number of ways – not only to gain access to their contents but also to infect any device that they’re connected to. This can allow the drives to quickly spread malware across an entire network. USB drives can be programmed to automatically run certain programs when they’re inserted into a computer. Many times, hackers will configure these drives to run a malicious program that installs malware, edits files, or locks down a computer. At a minimum, users should always use a malware scanner to ensure the safety of any files that are accessed on a USB drive.
Because the majority of USB drives are not encrypted, major problems can arise if they are lost or stolen. While hackers typically must infiltrate corporate networks to gain access to sensitive data, accessing a stolen or lost USB drive skips this step. Organizations that are subject to cybersecurity regulations must pay special attention to the use of USB drives, because there may be rules in place that prohibit the storing and disseminating of data via external or unencrypted devices.
Ability to boot to USB drives
Not only can USB drives be used as a vector to load malware and other questionable information onto a company’s network, they can also be used as a boot device. This means that someone could place a USB drive into a machine that would then boot to the USB drive – giving complete control to whatever application or operating system is being used by the USB device.
How to protect against the dangers of USB drives
There is no 100% foolproof way to protect yourself and your employees from the risks of USB drives, but there are a number of strategies you can use to mitigate these risks. These include:
- Malware protection – As mentioned above, all USB devices should be scanned for malware prior to being connected to a corporate network. This is often achieved by having a machine that is not physically attached to the corporate network and dedicated to scanning these devices.
- Avoid directly plugging in USB drives – Instead of plugging in a USB drive at each workstation, companies can utilize a USB security system to which drives are connected. Once connected, these devices can be scanned and any files can be transferred to a corporate portal where data can be downloaded.
- Control user access – Most operating systems allow for control over how USB devices function when connected to a computer. This can allow IT, admins, to limit access to certain files like executable files or commonly-spoofed files – such as PDFs and MS Office documents – that can cause significant damage.
Leverage the cloud and avoid the dangers of USB drives
With advancements in cloud computing, many companies are exclusively using the cloud for file storage, which reduces the need for USB drives. If your company is currently relying too much on USB drives, it may be time to develop a new strategy to ensure your data is protected.
To learn more, give our team a call today at 954-880-0388 or reach out to us through our online contact form.