The Security Risks of Removable Media
If you run a company, you’ve likely used a USB drive before. In many situations, a flash drive seems like the easiest solution to pass important information between employees. It also offers an easy solution for you to take important documents on the go.
Some companies believe that using thumb drives is safer than sharing documents over the internet. However, what they fail to see is that removable media comes with its own set of risks as well.
What Is a USB Drive?
Flash, thumb and jump drives are just a few of the terms that people use to describe removable media devices that plug into a computer via a USB port. These devices have been around for a long time and are an easy way to transfer files to and from a computer.
The company that created the first flash drive is still debated to this day. That’s because Trek 2000 International created the JumpDrive the same year that IBM came out with DiskOnKey. In either case, the first thumb drive could only hold 8 megabytes. Today, flash drives can hold several to hundreds of gigabytes of information.
Other Types of Removable Media
USB drives might be the most common type of removable media that your employees are likely to use, but they aren’t the only kind of removable media that could pose a security risk. Any device that your employees use to transfer data to and from company computers can be a security risk. These include CDs, SD cards and even smartphones.
The Importance of Security Awareness
Unfortunately, many employees might not understand the significant risk that they take when plugging a USB drive into their work computers. If it’s not a flash drive that they’re familiar with, the chances of the drive being infected with malware or viruses is high. The risk increases when employees don’t know where the jump drive came from.
To make matters worse, many people click on files or programs even if they don’t know them. This theory was tested at the University of Illinois Urbana-Champaign campus. Researchers dropped over 300 USB sticks on campus, and the findings were shocking.
Nearly 98% of the sticks were picked up by students. A staggering 45% of the students clicked on the files that they found on the sticks. While the files included in the experiment were clean, they could have been preinstalled malware. The students who clicked on the files could have easily infected their computers.
Training your employees through corporate education is one of the best ways to ensure that they don’t make the same mistakes as these students. The more that your employees understand about security risks involving removable media, the safer that your sensitive business data is.
Malicious Software
Using USB drives is risky for a number of reasons. For example, if you store sensitive information on these devices and lose them, whoever finds the drives now has access to the information. However, the real threat could be the unknown contents of these devices.
Hackers can use USB sticks to not only infect your computers but also take control of them. Just like computers, USB sticks can have programs installed on them. Sometimes, they require the user to activate or click on them. Other times, they start as soon as they’re plugged in.
In either case, it’s possible for intruders to gain full control over a computer through a USB stick. This happens when the removable media installs a hidden program on your computer. Through this program, prying eyes can gain access to all kinds of sensitive information without you even knowing.
How to Protect Your Company’s Data
USB devices are still a great way to transfer data. You just have to take steps to protect your company from unknown dangers that might be on USB sticks.
Firstly, don’t plug an unknown drive into your computer. Even if you don’t click on files within the USB drive, some programs are set to automatically infect your computer upon being plugged in. Instead, tell all of your employees to turn unknown drives into your IT department for further evaluation.
Likewise, when storing information on jump drives, take advantage of security features. For example, encrypt the data before putting it on the thumb drive. That way, if the drive is lost or stolen, whoever gains possession won’t be able to access the information.
Make sure that your employees, and yourself, aren’t using personal USB devices on your corporate computers either. You should keep all personal and business drives separate.
Another good option is to disable AutoRun or AutoPlay. Many computers have this feature on by default because it’s convenient. If there’s malicious software on a CD, USB drive or SD card, though, the computer will run it before you can even scan it for viruses. Disabling AutoRun gives you a chance to check the removable media files first.
Lastly, make sure that all of the security software on your company’s computers are up to date. This includes antispyware, antivirus software and firewalls. These programs are your first defense against malicious programs.
Let IconGD Consulting Help
Are you interested in educating your employees about the dangers that could be lurking inside removable media? Let IconGD Consulting teach them about it. We’re a security consulting firm that can assist your business with all of its security needs. Beyond education, some of the security concerns that we can address include:
- Eavesdropping protection
- Vulnerability assessments on your business
- Crime statistics
- Security system evaluations
- And much more
Don’t wait for a security breach to threaten your company. Reach out to IconGD Consulting to solve security issues before they cause a problem.
