USB memory sticks (also known as flash drives, pen drives, thumb drives or key drives) are now ubiquitous for being the ultimate handy way to copy, transport or store data backups.
As the price of memory has fallen, it’s now possible to buy 4GB of storage for under $10 making USB drives a cheap and cheerful way to copy information.
- Small size makes them easy to leave behind or lose when transferring data
- Cheap to buy and small to carry, these drives can offer disgruntled employees a quick and easy way to leave a company with the entire customer database and more
- In older operating systems the AutoRun feature could result in easy malware infections with little user involvement
- USBs can be loaded with specialist software such as keyloggers or packet sniffers or even used to crack passwords on unprotected computers
It’s best to keep USBs used at work and home separate to avoid malware infections between machines.
If you find a USB stick do not plug it into your computer to look at the files in the hope of locating the owner, it may be intentionally discarded to encourage infection or gain access to a business computer.
If you’re using these small devices to store backups or transfer sensitive information make sure the data or the stick itself is encrypted or has a strong password.
In work environments consider additional physical security, for example preventing unauthorised people from having any access (even briefly) to staff computers to avoid data being accessed or stolen or unwanted logging of passwords.
If you work with sensitive data consider disabling all employee machines from running USB drives. This prevents this methods of copying business information and will also prevent malware from home computers infecting work machines.
- Microsoft has an update to disable AutoRun in older versions of Windows including Windows XP
- Read about the Panda security USB vaccination
- Read the Privacy Commissioner’s Guidance Note on the Use of Portable Storage Devices