Before the cloud became so accessible to the average user, I used flash drives daily. I used them as an extra backup system for my photos and important documents, but more importantly, I used them to work on a single project on different computers. I found it was a lot easier to save the documents needed on a flash drive and transport them from desktop to laptop to netbook and back again, rather than depend on sending them via email. Working on the flash drive meant I didn’t need to be dependent on having an Internet connection. Now, I can do all of that more easily using Dropbox (although, the night I lost my Internet connection and didn’t realize it, having a flash drive would have saved me the time of rebuilding the work that unknowingly didn’t get saved).
Flash drives are now inexpensive and made to appeal to certain audiences — animal shapes for kids, sports logos for fans, etc. They make great stocking stuffers, especially from relatives who know you are “always on the computer.” And they are still useful for anyone who does need to transport documents from one computer to another when the cloud isn’t an option.
For that reason, this is a good time to send out reminders that USB drives can be a security problem. Not too long ago, this was a major topic when discussing network security because everyone used them. Just because they aren’t used as much doesn’t mean the problems have gone away. Flash drives remain a massive point of exposure for sensitive data and are commonly overlooked from a security standpoint. If non-encrypted USB drives are lost or stolen, a whole slew of negative consequences can result, including non-compliance issues, fines, financial loss and lack of customer trust. Stuxnet is a perfect example of a USB-based virus with a costly impact. And the bad guys are still turning to this style of infection. As Stephen Cobb wrote in the ESET blog:
Why do the bad guys continue to write malicious code that spreads via USB drives? The simple answer is that this infection vector still works, probably because people keep plugging their USB drives into a variety of under-protected computer systems, when they are traveling, during sales presentations, at conferences, for tradeshow demos, and so on.
Malicious code can also land in a flash drive shaped like a bunny or one decorated with fake jewels and other sparkles. Suggest that any new flash drive be given a good security check (a lot of AV software allows you to run a check on a specific drive) and remind staff of any security regulations involving flash drives. Without taking precautions, the flash drive in your stocking might as well be a lump of coal.