USB drives are extremely popular in business and in personal use, making it easy to store and transfer files. They’re inexpensive, portable, and can hold a ton of information in various file formats.
But the cost of convenience can be high – USB drives can be used to easily transmit malicious files and put company data at risk.
Good Intentions, Not-so-good Intentions
USB drives are a popular giveaway item at trade shows, sales meetings, and other events. They often come preloaded with brochures, presentations, and other useful information. People commonly plug them right in once back to their computer, but often don’t consider what else might be lurking. If a malicious file is buried or hidden among the contents, it can transfer to one’s system.
This certainly isn’t to say that anyone who uses a USB is trying to cause harm – malicious file transfer through a USB is often unintentional. If the device used to load the USB drive was infected, the USB drive may be, too.
Now for malicious intent: USB drives are also a common tool employed by cyberattackers. USB drives can host a wide variety of attacks to steal data, install malware, or destroy the device altogether. Attackers can simply leave infected drives in parking lots, hallways, and public spaces and wait for a curious unsuspecting victim to pick them up and plug them in. Unfortunately, this technique really works: one interesting study showed that 48% of USB drives abandoned on a college campus were plugged in, some within minutes of being dropped.
What’s Lost Can Be Found
Portability is a benefit of USB drives, but it’s also a large contributor to the risk. The small size means that USB drives can be easily lost or stolen, and considering all the sensitive data often stored on these drives, the risks are high.
What if an employee puts confidential information on a USB drive and leaves it at a coffee shop or drops it on the way to their car? Lost USB drives are hard to locate and recover, and if the data isn’t encrypted, it’s compromised – you never know who was curious enough to plug in the lost drive.
With all the secure file transfer solutions available today, encourage your customers to explore safer alternatives to USB drives. For maximum success, be sure they:
- Include their no-USB decision in their Technology and Data Use Policy
- Provide employees with alternatives to securely send files
- Set up peripheral control so company computers won’t recognize USBs even if they are plugged in
If your customers do decide to allow USBs in their business, a few steps can help to minimize their risk:
- Use only company-owned USBs that are high-quality and encrypted
- Establish policies and controls around what company data can be put on USBs
- Never plug a company-owned drive into an outside device
- Avoid plugging in unfamiliar USBs until the contents are scanned in a sandbox environment
Are your customers aware of the risks of USB drives? Now that is the question.
Your Friends @ Defendify