What are some of the key security risks to be aware of when using USB flash drives and how can you mitigate the threats?
Most of you probably own at least one USB thumb drive, which you typically use either to transfer data or as a backup for sensitive documents. Alternatively, you may like to carry your work with you so you can dive into it at a moment’s notice. So, if you only plug the flash drive into machines you trust, most of the time you should be safe.
Unfortunately, if you’re like most people, you may not always use only trustworthy devices. For example, students tend to use flash drives to print out their study materials and other documents at print shops or libraries. They also tend to allow their classmates to borrow them or pass them around. And these practices aren’t just limited to students. Since you can’t tell how either the print shop or your friends manage their devices, or what their approach to cybersecurity is, you can’t be sure about anything.
If any of those devices has been infected with malware, it’s highly possible that your drive is now infected as well, or that your files have been copied from it for nefarious purposes. When you then plug your USB stick into your own computer, the malware will probably spread to it too. This is known as cross-contamination and is a common way for malicious code to spread.
Another thing you have to watch out for is what data you store on your drives. Although you may consider it highly unlikely, there is always a chance that you may misplace a drive, or that it may be stolen. If that happens: at best, the only loss you incur is the flash drive with some useless data; at worst, it may contain data that can be exploited by whoever found it or stole it.
The above-listed examples are just some of the reasons why some companies, such as IBM, opted to ban removable storage devices altogether. The risks are just too high.
What are your options?
Right off the bat, you should draw a clear distinction between your work and personal flash drives, so if either of them gets compromised, you don’t cross-contaminate your devices. You should also avoid storing personal data on your work flash drive and vice versa.
Another thing you might want to do is encrypt all your sensitive data that you want to load onto your flash drive. So, even if it is ever lost or stolen, no one can access the data and the drive essentially becomes nothing more than a fancy paperweight.
To kick it up a notch, you can also purchase a flash drive that has additional security features, like a hardware security solution in the form of a PIN code or a biometric scanner, as well as built-in encryption. Some of the manufacturers even offer multiple levels of protection, such as additional encryption and the division of your drive into private and public partitions.
We mentioned the following advice in our recent article about USB flash drives, but repetition is the mother of wisdom. You should disable the Autorun feature on your computer to prevent it from automatically opening any USB drive, especially one that may contain some form of malicious threat.
And never underestimate the value of a reputable endpoint solution, which can go a long way in protecting you against various threats including infected USB drives.
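On Windows, Autorun is governed by the NoDriveTypeAutoRun policy value, a bitmask in which each bit switches Autorun off for one drive type. The PowerShell below is an added example, not part of the original article: it reports the current setting and can set the machine-wide value to cover every drive type. The function names Get-AutorunPolicy and Disable-Autorun are hypothetical, and writing the value requires an elevated session.

```powershell
# Added example: audit and optionally disable Autorun for all drive types on Windows.
$PolicySubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName    = 'NoDriveTypeAutoRun'
$AllDrives    = 0xFF   # every drive-type bit set: Autorun off everywhere
$Removable    = 0x04   # bit for removable drives such as USB sticks

# Hypothetical helper: report the policy value in the machine and user hives.
function Get-AutorunPolicy {
    foreach ($hive in 'HKLM', 'HKCU') {
        $path  = "${hive}:\$PolicySubKey"
        $value = $null
        if (Test-Path $path) {
            $item  = Get-ItemProperty -Path $path -Name $ValueName -ErrorAction SilentlyContinue
            $value = $item.$ValueName
        }
        $isSet = $null -ne $value
        [pscustomobject]@{
            Hive             = $hive
            Value            = if ($isSet) { '0x{0:X2}' -f $value } else { '(not set)' }
            RemovableBlocked = $isSet -and (($value -band $Removable) -ne 0)
            AllTypesBlocked  = $isSet -and (($value -band $AllDrives) -eq $AllDrives)
        }
    }
}

# Hypothetical helper: set the machine-wide policy so no drive type autoruns.
function Disable-Autorun {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $path = "HKLM:\$PolicySubKey"
    if ($PSCmdlet.ShouldProcess($path, "Set $ValueName to 0xFF")) {
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        New-ItemProperty -Path $path -Name $ValueName -PropertyType DWord `
            -Value $AllDrives -Force | Out-Null
    }
}

Get-AutorunPolicy | Format-Table -AutoSize
# Disable-Autorun -WhatIf   # preview the change without writing anything
# Disable-Autorun           # apply it (run from an elevated PowerShell session)
```

If RemovableBlocked is False or the value is not set in either hive, USB drives are not covered by the policy on that machine.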
Also, don’t forget to keep all your devices patched and your software updated to the latest versions.
written by Amer Owaida, ESET We Live Security