The U.S. Department of Homeland Security recently tested their staff’s security knowledge by dropping USB flash drives in their parking lots. Of those who picked up the “lost” devices, 60% plugged them directly into office computers to see what was on them.

Are you having nightmares yet? Another study of 300 IT professionals revealed that 78% had plugged in a USB drive that they had found lying around. A separate Ponemon study found that 70% of recorded stolen information was taken via USB drives. Even Edward Snowden reportedly smuggled his leaked data using a USB device.

Nomad_Soul/Shutterstock.com

Nomad_Soul/Shutterstock.com

Perhaps in the excitement over securing our data stored on the cloud, we have overlooked USB threats. What can we do to stay safe?

  1. Make sure you have a company policy and education program. This alone won’t stop security breaches, but it is an essential first step.
  2. Provide ways for employees to share large files that won’t send via email. This can help prevent the use of USB drives with larger capacities.
  3. Prohibit the use of personal USB devices in the workplace. You might consider using a system to register these company USB devices to prevent unauthorized use, and also remotely lock and delete their contents.
  4. If you are in an industry with very sensitive information, you might dedicate one employee and/or one machine for the use of external USB drives. This allows for an isolated scanning process that isn’t possible on all company machines.
  5. Install a port-control solution on your computers to prevent the use of non-authorized USB drives altogether.
  6. Remember that iPhones, iPods and other mobile devices that charge via USB can also be used to transfer harmful or sensitive data. Encourage employees to charge these devices with a wall outlet, not their computers.

What methods do you use to ensure USB devices are safe for use in your company’s computers?