Hollywood makes secure flash storage look easy. If the bad guy steals a thumb drive, it either blows up or some secret counterintelligence agency wearing dark suits and sunglasses appear as if there’s a GPS tracking device attached to the drive. But then recent NSA secrets leaker, Edward Snowden, allegedly used a USB thumb drive to copy secrets about the PRISM spy program from the US National Security Agency (NSA), and disclose those to the world's media. So things don’t always go boom when they should - or at least some would argue.
Removable media covers a lot of ground - DVDs, USB thumb drives, smartcards, your phone are a few examples. These little devices are so convenient, ubiquitous, even fashionable now days that they have become an integral part of our digital lives. But what are the risks and how can you protect yourself and the firm?
The Risks
When asked to name the three items most often lost or stolen, 39 percent of those surveyed in a 2013 Kaspersky study picked USB thumb drives compared to the 26 percent who named smartphones as a leading risk. Of the most-stolen items, in fact, smartphones barely made the top five, behind flash drives, chargers for mobile devices, other bits of unspecified "office equipment" and manila paper folders.
Have you ever found a thumb drive in the parking lot or at the airport? I’ll bet you thought “my lucky day”. More and more malicious types like to use this “lucky day” against unsuspecting users - leave a drive lying in a public place and wait for their specially crafted software to phone home after you plug the drive in. USB thumb drives have an autorun feature that runs anything, and I mean anything. Remember the StuxNet news that broke in 2010? It’s believed this autorun feature helped spread the virus to systems that had no internet connection.
By default, there is no password protection or encryption of the data stored on removable media. This might be OK for the family photos but not for client related data. If you misplace the a USB thumb drive containing sensitive client information, the firm could be in serious hot water. Globally over 20 000 000 USB flash drives where lost just last. Perkins is on track to hand out roughly 2,000 USB drives this year alone. Do you know where your USB drives are?
What to do
All this might make you wonder why Perkins even allows these little gems in our environment. Carolyn Schmidt, program manager for IT security awareness at the NIST CIO office, one of the agencies responsible for setting information security standards for the federal government, puts it very simply. "Removable media are portable, convenient and easy to use to exchange information, and prohibiting use of all removable media is not reasonable."
There are, however, steps you can take to better manage your removable media use:
- Think about the data you are about to put on removable media. Source Code? Encrypt the drive or encrypt the file before putting it on the removable media. Perkins marketing information that’s available on our web site? Nothing to be concerned about. Service Desk can assist you with encrypting the USB thumb drive or the data, so give them a call if you have questions.
- Keep track of your drives. Because they are so small and easy to carry around, they are also easy to leave behind at Starbucks. Use drives that are brightly colored - something that will catch your eye if it’s lying on the floor. Be very thoughtful about handling the drive - take it out of the pocket in your computer bag, insert it into your computer. When done take it out of the computer and put it into your computer bag in the same place. Seems a little OCD but this way you always know where the drive is.
- Avoid copying sensitive personal data such as your Social Security, credit card or bank account information on removable media.
- Don’t use the same USB thumb drives for home and work to avoid accidentally introducing a virus or mixing client information with personal information.
- Finally, be careful where you get your USB thumb drives from. That drive someone “forgot” in the restroom of the airport may just have an extra-special gift waiting for you to plug into your computer.