USB Drive Security

A popular way of storing or transporting data is the USB drive.  The features that make it so popular also make it risky.

USB drives (thumb drives) are small, inexpensive, and portable.  These characteristics make them a popular choice for users but they also make them a popular choice for attackers.

One way an attacker uses a USB drive to infect other computers is to place malicious code on the USB drive and place it where someone will “find” it.   The attacker is anticipating that someone will find the USB device and insert it into a computer to view the contents and identify the owner.  Once the user clicks on a file the malware will run.  Once the malware runs, they have infected your computer. 

Another way an attacker uses a USB drive is to steal information directly from a computer.  If an attacker can gain access to a computer, they can download sensitive data onto the USB drive. 

The most common risk is for the USB drive to be lost or stolen.  If the data was not backed up, the loss of a USB drive can mean hours of lost work and the potential that the information cannot be replicated. If the USB drive was not encrypted the data can be accessed by anyone.

How can you protect your data?

  • Take advantage of security features – Use passwords and encryption to protect the data on your USB drive.  Also, backup the data in case the drive is lost or stolen.
  • Keep personal and business USB drives separate - Do not put a personal USB drive in your business computer and do not plug a USB drive with business information into your personal computer.
  • Do not plug any unknown USB drives into your computer – If you find a USB drive, give it to the appropriate authorities (your organizations’ security personnel or IT department).  Do not plug it in to view the contents.
  • Disable autorun – Autorun causes removable media (CDs, DVDs, and USB drives) to open automatically when inserted into a computer.  By disabling Autorun, you can prevent malicious code from running automatically.