This Monday I awoke at 3am with excruciating stomach pain. My wife made dinner the night before, so crying food poisoning wasn’t an option. I hoped it would just go away, but 5 hours later I found myself in the cozy comforts of the ER where I learned my gallbladder needed to be removed—emergency surgery!
I thought to myself, how do you just remove a body part like that? And what kind of impact will it have on my life? Turns out you don’t really need your gallbladder anyways—your body can work just fine without it.
In the end, something I was using every day, that I didn’t really need, ended up causing me tremendous pain. Similar to using a USB thumb drive.
Most of us have been to tradeshows where free USB keys are handed out in droves. Sales folks touting that they’ve preloaded the key with all the sales brochures and presentations that are going to make you the hero at the next company meeting.
Have you ever considered that the friendly sales rep may have inadvertently transferred a malicious file?
The reality is, if the system used to load materials on the USB drive is infected, that key may very well be too. In most cases, people head home from the show and insert that USB key in their computer without considering where it came from and how easily it could be carrying a virus. There’s no bad intent here; it just happens.
Unfortunately, sometimes there is bad intent.
A study* was conducted at the University of Illinois Urbana-Champaign where 297 USB drives were dropped around campus. Almost half were picked up and plugged into computers, some within minutes. Planting these little guys in public places is a pretty easy method for attackers. Once an unsuspecting target plugs one in, systems and networks are opened to infection and unauthorized access.
It’s an exciting moment finding a USB drive in the company parking lot or at the local coffee shop. You can’t help but ponder what files or pictures might be on there. You know what they say, curiosity killed the cat. Don’t be the cat!
The cost of convenience can be very high.
Sure, we love the USB key form factor, but that also makes them easy to misplace. And since it’s not uncommon to use them for storing important—and sometimes confidential—files, the risks are high, especially as we find ourselves working fast and furious: on the train, in the airport, at the coffee shop. It’s so easy to lose one, leaving whoever finds it with our important data and leaving us stuck without the ability to wipe or locate it.
USB thumb drives are extremely risky; it’s just not worth it.
Consider banning USB thumb drives as authorized storage devices in your organization—this can even be enforced through technology. There are certainly other, safer methods that can be used and those options should be seriously considered and made into policy.
If your organization must use USB keys, use ones that are encrypted, establish data controls as to what can be put on those drives, and never share keys between organizations.
Always work to create a CyberSmart environment through an ongoing program of employee awareness where everyone understands the risks and proper uses of your technology and devices—especially those nifty little USB thumb drives. Remember: Cybersecurity isn't a project, it's a posture.
Your Friends @ Launch Security
[*SOURCE: Elie Bursztein]