USB drives are extremely popular in business and in personal use, making it easy to store and transfer files. They’re inexpensive, portable, and can hold a ton of information in various file formats.

But the cost of convenience can be high – USB drives can be used to easily transmit malicious files and put company data at risk.

Good Intentions, Not-so-good Intentions

USB drives are a popular giveaway item at trade shows, sales meetings, and other events. They often come preloaded with brochures, presentations, and other useful information. People commonly plug them right in once back to their computer, but often don’t consider what else might be lurking. If a malicious file is buried or hidden among the contents, it can transfer to one’s system.

This certainly isn’t to say that anyone who uses a USB is trying to cause harm – malicious file transfer through a USB is often unintentional. If the device used to load the USB drive was infected, the USB drive may be, too.

Now for malicious intent: USB drives are also a common tool employed by cyberattackers. USB drives can host a wide variety of attacks to steal data, install malware, or destroy the device altogether. Attackers can simply leave infected drives in parking lots, hallways, and public spaces and wait for a curious unsuspecting victim to pick them up and plug them in. Unfortunately, this technique really works: one interesting study showed that 48% of USB drives abandoned on a college campus were plugged in, some within minutes of being dropped.

What’s Lost Can Be Found

Portability is a benefit of USB drives, but it’s also a large contributor to the risk. The small size means that USB drives can be easily lost or stolen, and considering all the sensitive data often stored on these drives, the risks are high.

What if an employee puts confidential information on a USB drive and leaves it at a coffee shop or drops it on the way to their car? Lost USB drives are hard to locate and recover, and if the data isn’t encrypted, it’s compromised – you never know who was curious enough to plug in the lost drive.

USB Smart

With all the secure file transfer solutions available today, encourage your customers to explore safer alternatives to USB drives. For maximum success, be sure they:

  • Include their no-USB decision in their Technology and Data Use Policy
  • Provide employees with alternatives to securely send files
  • Set up peripheral control so company computers won’t recognize USBs even if they are plugged in

If your customers do decide to allow USBs in their business, a few steps can help to minimize their risk:

  • Use only company-owned USBs that are high-quality and encrypted
  • Establish policies and controls around what company data can be put on USBs
  • Never plug a company-owned drive into an outside device
  • Avoid plugging in unfamiliar USBs until the contents are scanned in a sandbox environment

Are your customers aware of the risks of USB drives? Now that is the question.

Stay Safe,

Your Friends @ Defendify

Resources & insights

Why You Could Be Denied Cyberattack Insurance Coverage
Blog
Why You Could Be Denied Cyberattack Insurance Coverage
As you’re working toward achieving robust cybersecurity, the subject of cyber attack insurance coverage is sure to enter the discussion. Maybe you’ve already delved into this topic, as cyber insurance has become an essential cornerstone of every information security program. Many overriding factors will affect your ability to obtain and retain the coverage you need at a reasonable rate—and a successful approach is tied closely to a comprehensive cybersecurity posture.
Cost of a Cyberattack vs. Cybersecurity Investment
Blog
Cost of a Cyberattack vs. Cybersecurity Investment 
Detailing the cost of a cyberattack versus the ROI of a cybersecurity investment enables leadership to see cybersecurity solutions are worth it.
Defendify Listed as a High Performer in Six G2 Grid Categories
Blog
Defendify Listed as a High Performer in Six G2 Grid Categories
The Defendify Cybersecurity Platform has been listed as a High Performer in six Summer 2022 Data Security Software Category Reports on the technology review site G2.

Protect and defend with multiple layers of cybersecurity

Faster. Smarter. Stronger.

Explore layered
security

Learn more about Defendify’s three key layers and All-In-One cybersecurity.

How can we help?

Schedule time to talk to a cybersecurity expert to discuss your needs.

See how it works

See how Defendify’s platform, modules, and expertise work to improve security posture.