Is removable media a threat?
30 April 2022
Removable media refers to portable storage devices that can be removed from a computer, network or information system whilst the system is running. These include pen / thumb drives, external hard drives, memory cards, digital cameras, mobile devices, DVDs and CD ROMs.
These devices are cost effective, available in various sizes and provide quick and convenient storage and transfer of data. However these devices are capable of introducing many security risks to computers / the network. Some of the risks include:
Malware: In 2020, a Tesla employee was offered one million dollars to spread malware within the company’s IT systems using an infected USB drive. This suggests that removable media devices are significant threat vectors as malicious software can be installed on removable devices and easily transferred to a network. A study by the University of Michigan found that about 45% of USB drives found were connected to a computer to inspect the contents. Cyber criminals are continually developing creative ways of introducing malware to organisations such as distributing malicious removable media devices at events as souvenirs / corporate gifts; dropping them in public locations with catchy labels etc.
Autorun: Some operating systems automatically run removable media devices when inserted to provide users with convenience of automatic software response. However, this capability can be exploited by cybercriminals. Malware can be introduced to the network by simply inserting a removable media device enabling cybercriminals gain a foothold in your company’s network
Data loss: Removable media devices are typically small as a result can very easily be lost or stolen thereby compromising large volume of sensitive information
Reputational loss: Security breaches can impact stakeholder confidence resulting in significant reputational damage to an organisation. Furthermore, organisations can lose money as a result of reputational damage and could be subjected to regulatory fines.
Several measures can be put in place to mitigate the risks associated with removable media. These include the following:
Disallow / limit the use of removable media devices
Repeatedly conduct employee security awareness training
Disable Autorun feature on all computers
Encrypt removable media devices
Implement access controls to protect the data on removable media devices using password protection
Lock removable media devices securely away when not in use
Install, run, and update anti-malware / anti-virus software on your computer
Delete data on removable media devices once its usefulness has expired