Gallbladders and USB Thumb Drives: Things You Can Live Without

This Monday I awoke at 3am with excruciating stomach pain. My wife made dinner the night before, so crying food poison wasn’t an option. I hoped it would just go away, but 5 hours later I found myself in the cozy comforts of the ER where I learned my gallbladder needed to be removed—emergency surgery!

I thought to myself, how do you just remove a body part like that? And what kind of impact will it have on my life? Turns out you don’t really need your gallbladder anyways—your body can work just fine without it.

In the end, something I was using every day, that I didn’t really need, ended up causing me tremendous pain. Similar to using a USB thumb drive.

Most of us have been to tradeshows where free USB keys are handed out in droves. Sales folks touting that they’ve preloaded the key with all the sales brochures and presentations that are going to make you the hero at the next company meeting.

Have you ever considered that friendly sales rep. may have inadvertently transferred a malicious file?

The reality is, if the system used to load materials on the USB drive is infected, that key may very well be too. In most cases, people head home from the show and insert that USB key in their computer without considering where it came from and how easily it could be carrying a virus. There’s no bad intent here, it just happens.

Unfortunately, sometimes there is bad intent.

A study* was conducted at the University of Illinois Urbana-Champaign where 297 USB drives were dropped around campus. Almost half were picked up and plugged into computers, some within minutes. It’s a pretty easy method used by attackers, simply planting these little guys in public places. And once plugged in by the unsuspecting target, systems and networks are opened to infection and unauthorized access.

It’s an exciting moment finding a USB drive in the company parking lot or at the local coffee shop. You can’t help but ponder what files or pictures might be on there. You know what they say, curiosity killed the cat. Don’t be the cat!

The cost of convenience can be very high.

Sure, we love the USB key form factor, but that also makes them easy to misplace. And since it’s not uncommon to use them for storing important—and sometimes confidential—files, the risks are high. Especially as we find ourselves working fast and furious; on the train, in the airport, at the coffee shop. So easy to lose something, leaving the recipient with our important data and leaving us stuck without the ability to wipe or locate it.

USB thumb drives are extremely risky, it’s just not worth it.

Consider banning USB thumb drives as authorized storage devices in your organization—this can even be enforced through technology. There are certainly other, safer methods that can be used and those options should be seriously considered and made into policy.

If your organization must use USB keys, use ones that are encrypted, establish data controls as to what can be put on those drives, and never share keys between organizations.

Always work to create a CyberSmart environment through an ongoing program of employee awareness where everyone understands the risks and proper uses of your technology and devices—especially those nifty little USB thumb drives. Remember: Cybersecurity isn’t a project, it’s a posture.

Stay Safe,

Your Friends @ Defendify

[*SOURCE: Elie Bursztein]

Resources & insights

Why You Could Be Denied Cyberattack Insurance Coverage
Blog
Why You Could Be Denied Cyberattack Insurance Coverage
As you’re working toward achieving robust cybersecurity, the subject of cyber attack insurance coverage is sure to enter the discussion. Maybe you’ve already delved into this topic, as cyber insurance has become an essential cornerstone of every information security program. Many overriding factors will affect your ability to obtain and retain the coverage you need at a reasonable rate—and a successful approach is tied closely to a comprehensive cybersecurity posture.
Cost of a Cyberattack vs. Cybersecurity Investment
Blog
Cost of a Cyberattack vs. Cybersecurity Investment 
Detailing the cost of a cyberattack versus the ROI of a cybersecurity investment enables leadership to see cybersecurity solutions are worth it.
Defendify Listed as a High Performer in Six G2 Grid Categories
Blog
Defendify Listed as a High Performer in Six G2 Grid Categories
The Defendify Cybersecurity Platform has been listed as a High Performer in six Summer 2022 Data Security Software Category Reports on the technology review site G2.

Protect and defend with multiple layers of cybersecurity

Faster. Smarter. Stronger.

Explore layered
security

Learn more about Defendify’s three key layers and All-In-One cybersecurity.

How can we help?

Schedule time to talk to a cybersecurity expert to discuss your needs.

See how it works

See how Defendify’s platform, modules, and expertise work to improve security posture.