No matter what you call it, those little suckers are very handy. Small, lightweight, and can hold a ton of data. We can use a USB flash drive to copy files to a friend or client's computer, to boot a computer, and even use as the source of a presentation at a conference or training session. But therein lies the rub. It's so easy to use that we tend to downplay the need to protect the data on it. And we forget that we need to protect that helpless USB drive from attack.
USB flash drives can get infected just like any other drive.
"Bah," you say. "My computer has Antivirus software -- it'll catch anything."
Think so? Read the scary but true article, " Social Engineering, the USB Way", which describes a security test by a Credit Union. Their consultant had a Trojan program made, added to USB flash drives along with some images, then seeded 20 of the little poisonous puppies in the Credit Union parking lot. Within a few days 15 of the 20 USB drives had been picked up and plugged into business computers. The result? The Trojan on the USB drive infected all 15 computers. And some of these infected other computers.
Remember, a new piece of malicious software will be able to attack thousands of computers before the Antivirus companies have time to get out an detection and disinfection update.
OK, so what security measures should you take with USB flash drives?
- Write-protect it. If all you need to do is copy files from the USB drive to another computer, write-protect it if possible. Many USB drives include a "lock" slide switch on the side.
- Encrypt data. In case it gets stolen or you lose it, does the USB drive have any information that other people shouldn't see? If so, check out encryption software that works with USB drives. Some USB flash drives come preloaded with encryption software, such as the Lexar JumpDrive Secure line.
- Physically secure it. Always, always physically protect a USB drive. If possible, keep it on your person. That's what the lanyard is for after all.
No comments:
Post a Comment