It’s one of your many nightmares as an IT director. An employee is walking along and finds a flash drive in the company parking lot. They want to be a good Samaritan and return the flash drive to its owner. In their mind, it’s possible that someone could have accidentally dropped it. Maybe it has important work on it. They can’t just keep it, right?
They go back to their office and plug the USB drive into their computer to see if any identifying information exists.
This is your nightmare!
We’d like to think an employee wouldn’t do that. However, KnowBe4 reports that, on average, 45 percent of users will plug in USB drives that they find laying around. Cyberattackers are known to leave malicious USB drives in public places, taking advantage of people’s curiosity, willingness to help, and even greed (it’s frustrating that some people actually think, “Ooh! A free USB drive!”).
Similar USB drive threats include employees buying USB drives from untrusted sources or vendors, assuming USB drives picked up at conferences are legitimate, and swapping USB drives too often with other employees. Each of these scenarios increases the risk of a malware infection if these USB drives are plugged into computers.
The reason USB drives cause such nightmares is the ease with which a cyberattack can be launched through the injection of malicious code, keystrokes, and links that lead to phishing sites. Through a USB drive, cyberattackers can easily leverage common autorun features on operating systems, bypass antivirus tools, and socially engineer people to get them to take actions that allow unauthorized access to a computer. It’s an easy shortcut where criminals get people to do their hacking work for them.
The National Cyber Security Alliance recommends six ways to make sure that your removable media or storge devices don’t mess up your organization.
- Use media such as flash drives and SD cards only if you trust them 100 percent.
- Make sure you have antimalware software installed on your computers, and keep this software up to date.
- Disable autorun features on your operating system.
- Delete data on your computer, media, or device once its usefulness has expired.
- Use strong passwords and rotate them if you suspect they’ve been compromised.
- Encourage the use of USB data blockers. (Here’s a helpful article describing how they work.)
So, let your good Samaritan employees know that if the USB drive most likely belongs to someone, they should probably try to turn it into your company’s lost and found—preferably with this list attached to it!