The U.S. Department of Homeland Security recently tested their staff’s security knowledge by dropping USB flash drives in their parking lots. Of those who picked up the “lost” devices, 60% plugged them directly into office computers to see what was on them.
Are you having nightmares yet? Another study of 300 IT professionals revealed that 78% had plugged in a USB drive that they had found lying around. A separate Ponemon study found that 70% of recorded stolen information was taken via USB drives. Even Edward Snowden reportedly smuggled his leaked data using a USB device.
Perhaps in the excitement over securing our data stored on the cloud, we have overlooked USB threats. What can we do to stay safe?
- Make sure you have a company policy and education program. This alone won’t stop security breaches, but it is an essential first step.
- Provide ways for employees to share large files that won’t send via email. This can help prevent the use of USB drives with larger capacities.
- Prohibit the use of personal USB devices in the workplace. You might consider using a system to register these company USB devices to prevent unauthorized use, and also remotely lock and delete their contents.
- If you are in an industry with very sensitive information, you might dedicate one employee and/or one machine for the use of external USB drives. This allows for an isolated scanning process that isn’t possible on all company machines.
- Install a port-control solution on your computers to prevent the use of non-authorized USB drives altogether.
- Remember that iPhones, iPods and other mobile devices that charge via USB can also be used to transfer harmful or sensitive data. Encourage employees to charge these devices with a wall outlet, not their computers.
What methods do you use to ensure USB devices are safe for use in your company’s computers?