In a world where everything seems to be going paperless, it’s easy to forget that most companies still use removable media in the form of CDs, DVDs, flash drives, and more to transfer data back and forth between departments and employees.
This isn’t necessarily bad; transferring data with removable media can be much faster than transferring over the Internet, especially if you’re dealing with large files. However, it does bring with it some security concerns you should know about before you go clicking Send or dropping off your flash drive in the company break room.
Whether you’re using CDs, DVDs, USB thumb drives, or external hard drives, working with removable media can have potentially devastating effects on your network security if you’re not careful about how you handle it.
Cyber Threats of Removable Media
Removable media can be weaponized in different ways, ranging from stealing data to delivering malware. Below we explore some weaponized forms of removable data:
Malware Delivery
Malware is short for malicious software, any program designed to disrupt or gain access to a computer system. Malware can wreak havoc on your computer by infecting or damaging files, sending out spam, scanning your system for bank account passwords, stealing credit card information from unsecured websites that you visit, and much more.
According to a security company, McAfee, over 40% of all malware attacks are delivered via removable media such as USB drives. Malware writers have numerous ways of getting their programs onto unsuspecting computers. Common methods include illegal downloads, infected email attachments, social engineering (tricking users into downloading malware), and USB drives.
Initial Network Access
When you first plug a USB into your computer, you’ll be asked if you want to run files that are on it automatically. This is probably fine for most users—but with security concerns, it’s also important that someone knows what they’re doing before they agree to these requests.
As a security precaution, ask an expert before running any new files off removable media. In addition, never install any software that comes with your USB without proper oversight; hackers have been known to infiltrate computers through bundled programs, so always double-check file names and their origin.
Credential Theft
Indeed, external hard drives, flash drives, CDs, DVDs (and so on) can be easily lost or stolen. For example, if you carry around a USB drive in your pocket all day—or if you have data on removable media—you are likely at risk for credential theft. Thankfully, you can take some preventative measures to lessen your chances of being hacked.
For instance, you should use encryption whenever possible; with encrypted files, unauthorized users will not access information without knowing a password. And don’t forget about physical security; it doesn’t matter how encrypted your files are if someone has easy access to them! This is why proper handling of your device and backups is key.
Data Exfiltration
USBs (as well as CDs, DVDs, etc.) are designed to provide removable storage for a computer. This storage includes data files (Word documents, videos, etc.) and programs that can run off the removable media.
However, because these media are not typically considered secure means of storing sensitive data, you will want to take extra steps to ensure your sensitive information is not lost or stolen if one of these devices is lost or stolen.
These additional steps may include encrypting any data on them, physically securing them, so they aren’t easily removed from their housing, using an encrypted file system (EFS), or disabling AutoRun features. These tips are essential when you have sensitive information such as personal health information, financial records/credit card numbers, or personally identifiable information.
Protecting Against Removable Media Cyber Risks
Although removable media offer convenience, they also present cyber risks. Whether you’re using USB drives to share files with co-workers or CDs/DVDs to distribute marketing materials, there are several ways that these forms of media can expose your company to security breaches. Below are four tips for safeguarding your organization against removable media cyber risks:
Perform Regular Backups
This is especially important if any employee has access to sensitive information on removable media. In addition, if a computer virus infects one of these discs, hackers may be able to use it to infiltrate your system through the back door left open by default installations such as automatic software updates and word processing functions.
Implement Firewalls
Firewalls allow you to control incoming and outgoing traffic on your network, including file transfers via removable media. While some operating systems come preloaded with firewalls, third-party software products like Norton Personal Firewall from Symantec Corp. often provide better protection from unauthorized usage of networking resources. For example, one component of Norton Personal Firewall monitors Internet activity—including downloads—to prevent malware from making its way onto networked computers.
Install Anti-Virus Software and Update Often
Using antivirus software isn’t just about protecting yourself from viruses on physical devices; savvy users scan each document before sending it via email, even if that file originated from a friendlier source.
There are free versions of antivirus programs available online, but we suggest purchasing commercial products because they include additional features designed to protect against external attacks.
Employee Security Awareness Training
It’s much easier for someone to walk out of an office with a USB, CD, or DVD in their pocket than you might think. If it isn’t encrypted, anyone can read anything off of it. For your business’ security awareness training, advise employees never to store sensitive information on removable media such as USB drives, CDs, or DVDs.
Disallowing Use of Removable Media
Once a computer is connected to an internal network, it is at risk of data being copied by unauthorized users. Any removable media can be used to copy files from your computer. Whether physical or virtual access, a malicious user can use any method available to copy files off of your system.
You must protect your environment by disabling removable media devices such as USB drives, CDs/DVDs, Zip disks, or Floppy disks to be on the safer side
We’re Ready When You Are
If you’re still worried about a physical security breach, avoid storing sensitive data on removable media. If you must use a flash drive to transfer data, encrypt your information first; that way, if someone happens to find your device and steals it, they won’t be able to access anything on it.
And don’t forget to sign out of your accounts after finishing work-related tasks. For example, when exiting an office computer system or Web browser, log off or close all documents properly—instead of simply ejecting a flash drive or yanking out a USB cable. This is good practice and proper IT etiquette: It helps maintain secure systems by ensuring nobody leaves behind-the-scenes traces behind.
Whether you need help brainstorming ideas or developing an entire plan of action on cybersecurity —contact us today for FREE quotes and consultations.