USB drives are a security nightmare. From losing files, to sharing them inadvertently, or accidentally installing something malicious, these tiny handheld digital storage grenades are a data-protection disaster waiting to happen.
Many people can’t help themselves. Sometimes it’s just so useful to be able to move a file to a separate computer, or carry a copy of that file on a handy keyring.
It’s true that too many operating systems auto-run memory sticks. As users we could perhaps be more careful though – find a USB and it’s tempting to plug it in… a 2016 University study suggested roughly half of those who find a memory stick on the ground will plug it in without thinking.
In particularly data-sensitive environments options are available to either disable PC USB ports, or remove them from a PC entirely. At the very least, businesses preparing for this summer’s new GDPR regulations need to take some sensible USB security precautions:
1. Be strict.
Ask yourself whether it’s entirely necessary to put this file on a memory stick, and be harsh about what files you copy. Memory sticks now hold terabytes of data, and are too easy to drop, or leave on the train.
GDPR is naturally concerned with sensitive personal data, and not your supermarket shopping list. Nobody ever intends to lose a file full of personal data, so you should think twice before putting the former on a USB drive, while the latter is probably OK.
2. Don’t allow easy access to your network.
USB based viruses come in a variety of forms – from cheap foreign spyware purchased online, to the fascinatingly complex (and probably Western-sponsored) ‘Stuxnet’ worm which famously sabotaged the Iranian nuclear program with planted USB drives in 2011.
The best antivirus softwares (for example Lineal’s recommended ESET antivirus) automatically offer to scan a newly connected memory stick for malicious software, before the user accesses the files. This only takes a few seconds, but it’s strongly advised to let your antivirus act as gatekeeper for a USB stick, as you would your emails or web browsing.
3. Sharing is not caring
Sharing files via memory sticks is not sensible, not least because you’re forced to share the whole contents, including the ability to duplicate files.
You can’t be certain what any given person will do with the USB drive or its data, or what the person giving you a memory stick might have done with it previously, so it’s safer to confine USB drives to a specific individual.
4. Get something better
The world of IT is full of better solutions, including Apple’s useful ‘Airdrop’ function which allows direct, localised file sharing over WiFi. For company-wide systems, numerous excellent cloud-based file storage and sharing platforms are available. Microsoft’s excellent OneDrive platform is easy to use from any device, and allows businesses to share files online via the cloud, with customisable permissions to control who has access to the data at any time.
A USB drive should not be necessary to complete routine IT tasks. Thank goodness.