Portable USB Devices and their cyber security risks

Portable devices like USB and external hard disks form a part of everybody’d life today. Initially limited to storage devices like CD/DVD and USB, the landscape of portable devices has quickly evolved to contain new devices like Mobile, PDA’s, Tablets etc. However, cyber security risks have always been concerning for portable devices, however these modern devices provide the power of computation in addition to exiting storage capabilities thus complicating the job of security folks.

Cyber Security risks associated with portable devices:

1. Malware/Spyware/Adware

TechAdvisory.org reports that 25 percent of malware spreads through USB enabled devices. The treat vectors for malicious programs like virus, trojans etc. that spread via USB devices is not just limited to computer systems but rather incorporates the holistic IT as well as network infrastructure. Sometimes even the security devices are updated/patched using USB devices which if pre-loaded can render the whole purpose of the device unsuccessful. When system is on a network, such malware may spread horizontally resulting in a data breach.

3. Data Theft

Portable devices often led to the acts of data leakage from organizations as they provide the convenience of copying required data and then re-transferring the same to the desired destination without any traces. In addition to the insiders, hackers can also use social engineering techniques by embedding the portable devices with malicious data and then submitting the same to the target. This device in turn remotely sends that desired information to the hacker without any physical connect.

3. Legal Liabilities

When confidential information is stolen or illicit/objectionable data is introduced on the corporate network through portable storage devices, corporations might become legally liable for any information that is stolen or illicitly introduced.

4. Productivity Loss

The unrestricted use of portable devices may lead to loss of productivity to carry some personal work documents or movies to the office environment, thus skipping the internet restrictions in place.

Recommended practices to minimize these USB security risks 

1. Install anti-virus software that will scan any device that connects to your PC via a peripheral port (such as USB).

2. Never connect a found jump drive or media device to a PC. Give any unknown storage device to security or IT personnel near where you found it.

3.  Disable the Autorun and Autoplay features for all removable media devices. These features automatically open removable media when it’s plugged into your USB port or inserted into a drive.

4.  Secure the data in pen drives using strong encryption mechanisms so that in case of a lost or stolen device, the data cannot be recovered and misused.

5. When you have finished transferring sensitive data from a USB drive, be sure to delete it using a secure delete utility.

6. Consider using jump drives that have an onboard anti-virus capability, which automatically scans both the drive and any computer you plug it into.

7. Create security and acceptable-use policies for all portable media devices, and educate your employees about those policies