We've all used USB Thumb Drives / Memory Sticks. In fact, you probably have a few in your desk drawer or computer bag. And, if you're like most people, you haven't realized how risky the use of these devices is for your data and your organization.
We asked Joe Dylewski of ATMP Solutions, a Michigan-based firm specializing in compliance for HIPAA, ISO 27001, NIST and other technology- and data-related regulations, about the risks associated with the use of portable media. Here's what he had to say:
"Over the last 20 years, storage and portable media technology has evolved and decreased in price. The usage of portable media has increased as it has become an easy method of moving files and backing up data. However, with the portability of information, risks have surfaced.
Examples of “Portable Media”:
- USB Memory/Jump Drives/Memory Sticks
- SD Cards – used in cameras, mobile phones and tablets
- External Hard Drives
There are a few key points to consider when using portable media:
- Data Loss – because the capacity of portable media continues to increase, the ability to move mass amounts of sensitive data, and the risk, also increases proportionally.
- Introduction of Malicious Code – a significant amount of infectious code is transferred using portable media.
- Theft – due to the size of the portable media, it is very easy for a malicious actor to pick up one of these devices unnoticed. Often, these devices are left on our desk, in our car, or in an unsecured area.
When using portable media, consider the following safeguards:
- Avoid using unidentifiable storage devices – never connect or insert unidentifiable portable media to a workstation, tablet, laptop, phone or other computer. If it is not your device and cannot be specifically identified, allow your IT department to thoroughly scan and investigate the contents. This can and should be done in a segregated, secure environment.
- Allow your virus protection software to scan portable media – your anti-malware software should be configured to automatically scan any device that is connected to your computer.
- Disable the autorun features – often, malicious code is inserted in the programs that execute from the auto-run feature. Disable this functionality and allow your software to scan the device before executing any program.
- Keep business and personal data separated – prevent the co-mingling of personal and business use of portable media.
- When possible, use strong encryption on portable media devices – encryption allows an element of password protection and renders the data on the portable media unreadable if accessed inappropriately.
- Purge data from portable media when it is no longer needed – the less information stored on a portable device, the better. Once the media has been used and files are no longer necessary, format the drive and ensure that no residual instances of the information remain on the device."
At CloudSAFE, our policy prohibits and prevents the use of external drives. While this may seem extreme, it eliminates the risks associated with such devices. We've all picked up thumb drives at events. I've seen people pick up thumb drives that they've found lying on the ground. And we use these without knowing what's on them. That puts our organizations at great risk.
Do you find this shocking? We don't. Statistics show that most virus or malware infections happen when people take actions that common sense should tell them not to take. Our recommendation: refrain from using portable storage devices and, if you do use them, follow Joe's suggestions.
Are you using thumb drives or external hard drives as a means of backing up your data? If you are, you should consider a safer, more secure option such as Backup as a Service. If you'd like to learn more about data backup and recovery options, CloudSAFE has created this one-page brief which reviews the need for off-site backup and the options an organization has to protect itself. You can view it below.