Does your company have any policies in place regarding how USB drives are used?
USB drives have been popular for quite some time, especially for busy employees who need quick access to data across various machines. Individuals can carry a USB drive around with them and move data between computers with ease.
While there’s no denying their ease of use, this flexibility doesn’t come without several shortcomings. A recent study published by Apricorn revealed some shocking statistics. The study showed that 87% of those surveyed had either lost or had a USB drive stolen without notifying their employer. Also, 80% of those surveyed reported using USB drives that were not encrypted – many of which had been given to employees by vendors or received at trade shows.
Risks associated with using USB drives in your organization
If your organization doesn’t have a strong policy on how USB drives are used, you should understand the risks they pose:
USB drives can be reprogrammed in many ways – not only to gain access to their contents but also to infect any device they’re connected to. This can allow the drives to spread malware across an entire network quickly. USB drives can be programmed to automatically run certain programs when they’re inserted into a computer. Many times, hackers will configure these drives to run a malicious program that installs malware, edits files, or locks down a computer. At a minimum, users should always use a malware scanner to ensure the safety of any accessed files on a USB drive.
Because most USB drives are not encrypted, major problems can arise if they are lost or stolen. While hackers typically must infiltrate corporate networks to access sensitive data, accessing a stolen or lost USB drive skips this step. Organizations that are subject to cybersecurity regulations must pay special attention to the use of USB drives because there may be rules in place that prohibit the storing and disseminating of data via external or unencrypted devices.
Ability to boot to USB drives
Not only can USB drives be used as a vector to load malware and other questionable information onto a company’s network, but they can also be used as a boot device. This means that someone could place a USB drive into a machine and boot to the USB drive, giving complete control to whatever application or operating system is being used by the USB device.
How to protect against the dangers of USB drives
There is no 100% foolproof way to protect yourself and your employees from the risks of USB drives, but there are some strategies you can use to mitigate these risks. These include:
- Malware protection – As mentioned above, all USB devices should be scanned for malware before being connected to a corporate network. This is often achieved by having a machine that is not physically attached to the corporate network and dedicated to scanning these devices.
- Avoid directly plugging in USB drives – Instead of plugging in a USB drive at each workstation, companies can utilize a USB security system to which drives are connected. Once connected, these devices can be scanned, and any files can be transferred to a corporate portal where data can be downloaded.
- Control user access – Most operating systems control how USB devices function when connected to a computer. This can allow IT, admins to limit access to certain files like executable files or commonly-spoofed files – such as PDFs and MS Office documents – that can cause significant damage.
Leverage the cloud and avoid the dangers of USB drives
With advancements in cloud computing, many companies are exclusively using the cloud for file storage, which reduces the need for USB drives. If your company is currently relying too much on USB drives, it may be time to develop a new strategy to ensure your data is protected.
To learn more, give our team a call today at 954-880-0388 or reach out to us through our online contact form.