Tips: Use Caution With USB Drives -- Security Today

Tips: Use Caution With USB Drives

Feb 28, 2012

What security risks are associated with USB drives? Because USB drives, sometimes known as thumb drives, are small, readily available, inexpensive, and extremely portable, they are popular for storing and transporting files from one computer to another. However, these same characteristics make them appealing to attackers.

One option is for attackers to use your USB drive to infect other computers. An attacker might infect a computer with malicious code, or malware, that can detect when a USB drive is plugged into a computer. The malware then downloads malicious code onto the drive. When the USB drive is plugged into another computer, the malware infects that computer.

Some attackers have also targeted electronic devices directly, infecting items such as electronic picture frames and USB drives during production. When users buy the infected products and plug them into their computers, malware is installed on their computers.

Attackers may also use their USB drives to steal information directly from a computer. If an attacker can physically access a computer, he or she can download sensitive information directly onto a USB drive. Even computers that have been turned off may be vulnerable, because a computer's memory is still active for several minutes without power. If an attacker can plug a USB drive into the computer during that time, he or she can quickly reboot the system from the USB drive and copy the computer's memory, including passwords, encryption keys, and other sensitive data, onto the drive. Victims may not even realize that their computers were attacked.

The most obvious security risk for USB drives, though, is that they are easily lost or stolen. If the data was not backed up, the loss of a USB drive can mean hours of lost work and the potential that the information cannot be replicated. And if the information on the drive is not encrypted, anyone who has the USB drive can access all of the data on it.

How can you protect your data?

There are steps you can take to protect the data on your USB drive and on any computer that you might plug the drive into:

Take advantage of security features. Use passwords and encryption on your USB drive to protect your data, and make sure that you have the information backed up in case your drive is lost.
Keep personal and business USB drives separate. Do not use personal USB drives on computers owned by your organization, and do not plug USB drives containing corporate information into your personal computer.
Use and maintain security software, and keep all software up to date - Use a firewall, anti-virus software, and anti-spyware software to make your computer less vulnerable to attacks, and make sure to keep the virus definitions current. Also, keep the software on your computer up to date by applying any necessary patches.
Do not plug an unknown USB drive into your computer. If you find a USB drive, give it to the appropriate authorities (a location's security personnel, your organization's IT department, etc.). Do not plug it into your computer to view the contents or to try to identify the owner.

Featured

FAST Announces National Security Technician Day Jan. 23

The Foundation for Advancing Security Talent (FAST) has announced the third annual National Security Technician Day, an annual commemorative day held on Jan. 23 to honor security technicians across the country. Read Now
- Dealers and Integrators
Terrorist Kills 15, Injures Scores in New Orleans New Year’s Attack
- Active Shooter
Personal Liability Concerns Impact 70% of Cybersecurity Leaders

BlackFog, provider of ransomware prevention and anti data exfiltration (ADX), recently unveiled its research conducted with UK and US IT Security decision makers. The research revealed that the majority of respondents, 70%, felt that stories of CISOs being held personally liable for cybersecurity incidents has negatively affected their opinion of the role. Read Now
- Cybersecurity
Security Industry Association Announces the 2025 Security Megatrends

The Security Industry Association (SIA) has identified and forecasted the 2025 Security Megatrends, which form the basis of SIA’s signature annual Security Megatrends report defining the top 10 factors influencing both short- and long-term change in the global security industry. Read Now
- Cybersecurity
- Artificial Intelligence

Webinars

Salient Systems, Hanwha Vision (formerly Hanwha Techwin), AtlasIED, Safety Technology International Inc., Omnilert

Building a Unified Approach to School Safety
The Center for Safe and Resilient Schools and Workplaces

Precovery in Action: Proactive Strategies to Promote School Safety and Mass Violence Prevention
Hanwha Vision (formerly Hanwha Techwin), NAPCO Security Technologies, Inc.

Getting Control of your Access

Whitepapers

Salient Systems

A Model for Community Security
Genetec

State of Physical Security 2025
Winsted Corporation

Sit/Stand Consoles: Helping Increase Productivity

New Products

Compact IP Video Intercom

Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3
Automatic Systems V07

Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3
Unified VMS

AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3