USB flash drives have been around for the last 20 years and are still prevalent in day to day activities. These small and relatively inexpensive gadgets have allowed us to copy, store and transfer information making client presentations, large file sharing and work from home efforts much easier. But there is not an IT person around that doesn’t know they come with their fair share of security risks.
Why USB thumb drives are a threat
First and foremost, a USB thumb drive can contain malicious firmware. Firmware is what allows the technology to function. When the firmware has been tampered with a myriad of things can happen including corrupting files, recording key strokes and acting as a flash drive while also reserving the right to do other things.
Another reason these little gems are such a security threat is that they are not encrypted. Using an unencrypted thumb drive is basically the equivalent of carrying around physical copies of all the sensitive information stored on them. Combine that with the fact that thumb drives are like hard drives in that after they are wiped and the files deleted the information is not necessarily gone. This makes disposing of one an extremely sensitive matter.
Protect Your Business with a Policy
If you talked to a security expert and told them that you had no procedures in place for employees taking home sensitive files or throwing away documents without shredding them, it’s likely that they would laugh you out of the room. So why would you do the same for thumb drives? From a risk management perspective businesses should have clear company policies about their usage which can help remove the risk before it really becomes a problem.
Many businesses have also decided to lock down USB ports for data security as part of their information security program. Using these security measures for protecting information can the be make all the difference in the world when it comes to information assurance. For more information on the proper use and disposal of USB thumb drives and all other information bearing devices, contact the information security experts at DataShield.