Understanding the Risk of using Flash Drives (ACG-CYBER SECURITY BULLETIN NR 31)

However, every individual or organization who relies in flashdrives for key business activities needs to be aware of the range and nature of its corresponding risks. On most computers, the user will be alerted when it is already inserted and ready for use. Contents will appear on the screen when browsing the files. Presentation may just vary depending on the version of the Operating System and existing computer configuration.

Flashdrives can be dangerous due to a virus that can be disguised as a document file stored in it, but a decent anti-virus tool can detect it accurately. However, standard anti-virus scans cannot see or touch the firmware that controls the USB drive’s basic input/output functions. A flashdrive that has been plugged into an untrusted computer should be treated with suspicion. Further, erasing, formatting, or using anti-virus tools will not remove malicious codes and there is no known method at the moment to scan USB devices for integrity and ease of use.

The best software that can be trusted that can be installed in a computer is the USB Disk Security that can block threats to prevent damage or compromise the personal information stored in the USB. Moreover, it uses advance proactive detection to close the window that was left open for vulnerabilities.

The only defense against the USB attack vector is to jealously guard the USB devices. Do not plug into any port untrusted as a preventive measure. Protocol as such will drastically increase the usefulness and convenience of the USB device in the long run.

Eventually, due to its size, it can easily be misplaced or lost. Without the aid of additional software the data saved on it can easily be read by anyone who finds it. The risk of getting private or confidential information may cause cyber bullying, public discrimination and harrassment among others.

Nevertheless, when using flashdrives as reliable storage device, a level of precaution must be observed to avoid file corruption and wastage. Hence, it should be ejected safely to prevent spoilage and misuse on a computing device. Corrupted file is the same as having no data at all.

In lieu, every individual must be cautious and responsible when using flashdrives especially in storing and deleting information confidential in nature to avoid credibility issues to the uniformed personnel. Negligence may cause data leakage that might be incriminating to the organization in the long run.

RECOMMENDATION

Every individual using flashdrive as a storage device are advise to follow these best practices for securing and protecting information whether for personal or work.

Determine flashdrive reliability and integrity before purchasing by confirming compliance with the leading security standards and ensuring no malicious code on these tools;

Deploy file encryption for sensitive data stored on the flashdrive;

Scan devices for virus or malware infections;

Have procedures in place to recover lost flashdrives;

Use passwords or locks; and

Use safeguards to prevent misuse.

For additional information, please refer to the following security websites:

http://msisac.cisecurity.org/daily-tips/

http://pcsupport.about.com/od/termsag/g/flashdrive.htm

http://www.itbusinessedge.com/slideshows/show.aspx?c=92432&slide=11

http://askbobrankin.com/alert_serious_security_flaw_in_usb_drives.html

Share this post

Submit to FacebookSubmit to Twitter