USB Drives - Beware!!

As technology advances, so do the risks! USB Drive/memory sticks came on the market a few years ago and could only hold a small amount of data. Now they can hold a significant amount of data and they are being used everywhere! The problem now is the increased likelihood that sensitive data can be lost or stolen or the devices can be used to inject viruses or other malware into computers. Data from a USB can be loaded onto a workstation without restriction, bypassing firewalls and other network defenses.

There is an interesting account of a consultant who was hired to probe the security of a credit union. Early one day he scattered 20 USB drives – disguised as promotional items- in the parking lot of the credit union. Each drive was infected with a virus that, when inserted into the SUB port, would send critical data back to the consultant. Amazingly, 15 of the drives were picked up by employees – all of whom subsequently plugged them into their computers. The software on each drive loaded itself onto the PC and the consultant received enough data not only to gain access to the infected PC but other systems on the credit union’s network as well!

If you need to use USB drives as part of your day-to-day business, then disk encryption software or a secure USB drive may be your best bet. Having a good security policy in force that addresses the use of these drives and other “outside software” being loaded onto company computers is not a bad idea either! It's important for you to consider your insurance policies – do you have anything on your business policy that would cover you if an employee did damage of this nature? Things to think about!