USB Flash Disks: A modern day business curse?
Is the small USB drive that’s resident in many professionals’ pockets these days actually housing a major security threat? We investigate…
ActionSo how are companies reacting to it? Simply by, in many cases, disabling USB ports on computers. It may sound draconian, but the USB port is a gateway for the user to bring external storage devices into a controlled network environment. Even though the odds of damage being done tend to be slim, it's still a problem, and a very real vulnerability.
In some ways, it harks back to the days when network administrators banned floppy disks from being used on their systems, even to the point of removing the drives in the first place. Floppy disks were an unpredictable threat, and one that was often dealt with in a zero tolerance manner precisely for that reason, to the choruses of grumbles from employees who went home at 5pm on a Friday night, not to be seen again until 9am the following Monday.
Paranoid? Perhaps, but not without good reason. Because after all, so far we've simply discussed accidental damage, data loss or security compromises. What if a disgruntled employee was actively looking to use a USB drive to either cause deliberate damage, or to walk away with valuable data? If it's the latter, imagine how much they could get away with were it a 30GB MP3 player that was hooked up, rather than 1GB flash drive. How many customer records would that cover?
Perhaps, with that in mind, zero tolerance is the only approach. It's unsurprising that this strategy is being directed towards USB ports, given that even the most conscientious of employees seems to want to use them for everything from data transfer and plugging in their MP3 player, through to charging their mobile phone.
Ignorance is blissPerhaps the biggest problem of all, though, is that many network managers are ignoring it, or aren't even aware of the risk.
This is playing a dangerous game. When you read stories such as that of the LiarVB-A worm, a piece of malware that actively hunts down removable drives and writes itself to them, then it has to set alarm bells blaring. The payload of LiarVB-A was harmless, as it was intended to spread information about HIV and AIDS, but the next worm that comes round could be the one to cause widespread network destruction.
Of course, all this aside, there is an upside to the flash disk, and used in the right way, with the right protection, it's arguably the most convenient form of physically porting data around that's ever existed.
But it's also, equally arguably, the most uncontrolled way of shifting data around that's currently available, and the sheer convenience of having so much storage on such a small device is blinding many to the inherent threats. For many, they simply leave too many doors open to even consider taking the risk of allowing them near a corporate PC.
Not for nothing are some organisations referring to the drives as the enemy within'. And not for nothing are those who are ignoring the threat advised to address it sooner rather than later.
In This Article
Application security fallacies and realities
Web application attacks are the most common vulnerability, so what is the truth about application security?Download now
Your first step researching Managed File Transfer
Advice and expertise on researching the right MFT solution for your businessDownload now
The KPIs you should be measuring
How MSPs can measure performance and evaluate their relationships with clientsDownload now
Life in the digital workspace
A guide to technology and the changing concept of workspaceDownload now