USB Flash Disks: A modern day business curse?

Is the small USB drive that’s resident in many professionals’ pockets these days actually housing a major security threat? We investigate…

ActionSo how are companies reacting to it? Simply by, in many cases, disabling USB ports on computers. It may sound draconian, but the USB port is a gateway for the user to bring external storage devices into a controlled network environment. Even though the odds of damage being done tend to be slim, it's still a problem, and a very real vulnerability.

In some ways, it harks back to the days when network administrators banned floppy disks from being used on their systems, even to the point of removing the drives in the first place. Floppy disks were an unpredictable threat, and one that was often dealt with in a zero tolerance manner precisely for that reason, to the choruses of grumbles from employees who went home at 5pm on a Friday night, not to be seen again until 9am the following Monday.

Paranoid? Perhaps, but not without good reason. Because after all, so far we've simply discussed accidental damage, data loss or security compromises. What if a disgruntled employee was actively looking to use a USB drive to either cause deliberate damage, or to walk away with valuable data? If it's the latter, imagine how much they could get away with were it a 30GB MP3 player that was hooked up, rather than 1GB flash drive. How many customer records would that cover?

Perhaps, with that in mind, zero tolerance is the only approach. It's unsurprising that this strategy is being directed towards USB ports, given that even the most conscientious of employees seems to want to use them for everything from data transfer and plugging in their MP3 player, through to charging their mobile phone.

Advertisement - Article continues below
Advertisement - Article continues below

Ignorance is blissPerhaps the biggest problem of all, though, is that many network managers are ignoring it, or aren't even aware of the risk.

This is playing a dangerous game. When you read stories such as that of the LiarVB-A worm, a piece of malware that actively hunts down removable drives and writes itself to them, then it has to set alarm bells blaring. The payload of LiarVB-A was harmless, as it was intended to spread information about HIV and AIDS, but the next worm that comes round could be the one to cause widespread network destruction.

Of course, all this aside, there is an upside to the flash disk, and used in the right way, with the right protection, it's arguably the most convenient form of physically porting data around that's ever existed.

But it's also, equally arguably, the most uncontrolled way of shifting data around that's currently available, and the sheer convenience of having so much storage on such a small device is blinding many to the inherent threats. For many, they simply leave too many doors open to even consider taking the risk of allowing them near a corporate PC.

Not for nothing are some organisations referring to the drives as the enemy within'. And not for nothing are those who are ignoring the threat advised to address it sooner rather than later.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now

Most Popular

Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020