USB Flash Drives: A Forgotten Security Concern

Sue Marquette Poremba
Slide Show

Security and Compliance: Violations and Lack of Confidence Are Widespread

Before the cloud became so accessible to the average user, I used flash drives daily. I used them as an extra backup system for my photos and important documents, but more importantly, I used them to work on a single project on different computers. I found it was a lot easier to save the documents needed on a flash drive and transport them from desktop to laptop to netbook and back again, rather than depend on sending them via email. Working on the flash drive meant I didn’t need to be dependent on having an Internet connection. Now, I can do all of that more easily using Dropbox (although, the night I lost my Internet connection and didn’t realize it, having a flash drive would have saved me the time of rebuilding the work that unknowingly didn’t get saved).

Flash drives are now inexpensive and made to appeal to certain audiences — animal shapes for kids, sports logos for fans, etc. They make great stocking stuffers, especially from relatives who know you are “always on the computer.” And they are still useful for anyone who does need to transport documents from one computer to another when the cloud isn’t an option.

For that reason, this is a good time to send out reminders that USB drives can be a security problem. Not too long ago, this was a major topic when discussing network security because everyone used them. Just because they aren’t used as much doesn’t mean the problems have gone away. Flash drives remain a massive point of exposure for sensitive data and are commonly overlooked from a security standpoint. If non-encrypted USB drives are lost or stolen, a whole slew of negative consequences can result, including non-compliance issues, fines, financial loss and lack of customer trust. Stuxnet is a perfect example of a USB-based virus with a costly impact. And the bad guys are still turning to this style of infection. As Stephen Cobb wrote in the ESET blog:

Why do the bad guys continue to write malicious code that spreads via USB drives? The simple answer is that this infection vector still works, probably because people keep plugging their USB drives into a variety of under-protected computer systems, when they are traveling, during sales presentations, at conferences, for tradeshow demos, and so on.

Malicious code can also land in a flash drive shaped like a bunny or one decorated with fake jewels and other sparkles. Suggest that any new flash drive be given a good security check (a lot of AV software allows you to run a check on a specific drive) and remind staff of any security regulations involving flash drives. Without taking precautions, the flash drive in your stocking might as well be a lump of coal.



Add Comment      Leave a comment on this blog post
Apr 13, 2014 8:40 PM kakasoft kakasoft  says:
I stored many important data in my USB, so I think USB security is important. I used to use "bitlocker", "TrueCrypt", kaksoft folder protect to password protect my USB drive. Reply
Aug 4, 2014 10:29 PM Get USB Drives Preloaded with Password Protection Get USB Drives Preloaded with Password Protection  says:
USB drives are the best of transferring data or sharing files especially when you don’t have an internet connection. For security reason you can protect them by locking them with a password. Some manufacturers provide USB drives with pre-loaded software of password protection & encryption. Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data


Thanks for your registration, follow us on our social networks to keep up-to-date