"One simple USB stick can ruin your whole company!" Sounds dramatic doesn’t it? But it is true! USB memory sticks (also known as flash drives, pen drives, thumb drives, or key drives) are generally known as the handy way to copy, transport, or store data backups. But, USBs have become so cheap and easy to manufacture (or to knock off) that they are quickly becoming a dangerous tool for hackers to use to gain access to your passwords and valuable data. For as little as $45 a USB stick can be purchased that is able to access passwords, data and other valuable information. It can be a nightmare situation when the right technology makes its way in to the wrong hands!
Here are some things to keep in mind and some suggestions to keep your data protected:
- A USBs small size makes them easy to leave behind or lose when transferring data. Keep this in mind when allowing staff permission to use USBs.
- USBs are cheap to buy and small to carry, thereby offering disgruntled employees a quick and easy way to leave a company with the entire customer database (and more).
- In older operating systems the AutoRun feature could result in easy malware infections with little user involvement.
- As mentioned above, USBs can be “hacked” and loaded with specialist software such as keyloggers or packet sniffers or even used to crack passwords on unprotected computers.
- Keep USBs used at work and home separate to avoid malware infections between machines.
- If you find a USB stick do not plug it into your computer to look at the files in the hope of locating the owner, it may be intentionally discarded to encourage infection or gain access to a business computer.
- If you’re using these small devices to store backups or transfer sensitive information, make sure the data or the stick itself is encrypted or has a strong password.
- Never use “free” USBs. Use only USBs from a trusted source/manufacturer.
- Reduce USB stick privileges and don’t allow scripts and/or power shell to local users.
- In work environments consider additional physical security, for example preventing unauthorized people from having any access (even briefly) to staff computers to avoid data being accessed or stolen or unwanted logging of passwords.
- If you work with sensitive data consider disabling all employee machines from running USB drives. This prevents this methods of copying business information and will also prevent malware from home computers infecting work machines.
We hope this has provided some valuable information about USB sticks and how to keep yourself protected.