Ah, humble USB - the connection as ubiquitous as pay-phones used to be.
They power our phones. They allow us to plug in everything from keyboards and mice to storage devices and printers. What would we do without them? It’s true, in our personal lives, these flexible ports are hard to live without. In the business world though, their flexibility is becoming a lucrative way to steal your data. This can happen several ways:
Hackers can ‘spread the net wide’, and infect your employees’ home computers with silent viruses that, in turn, infect any devices plugged into them. All that needs to happen next is for your unknowing employee (or yourself) to plug in the infected phone or flash drive to their work computer.
A malicious individual or employee with a bone to pick (maybe for getting passed over for that position or raise?) can plug in any number of ‘pwn devices’ (easily purchased hacking devices - that look just like flash drives!) to access data they shouldn’t, sell privileged information, or just knock out your network with Ransomware. Stuff like this DOES happen.
Fortunately, it is possible for those in corporate situations to have their IT team disable USB storage devices, stopping many of these attacks in their tracks. Since employees often have corporate email, Network Drives, or company-provided laptops - these USB devices are simply not a risk worth taking. Yes, it’s a slight hindrance. But isn’t it worth it?
While security almost always comes with an inconvenient side-effect, we must remain vigilant.
Security always trumps convenience when it comes to business.
Now that you know about this risk, we highly recommend speaking with your IT team about it. If you get pushback, or you would like a second opinion, don’t be afraid to reach out! We’re available and affordable for consulting, audits, and much more.
We write articles like these because we care about the state of corporate IT.
But writing isn't the only thing we do - our expertise comes from being in the industry since 1986.
We are an MSP, and we offer a wealth of services - from managing your corporate IT, to preparing your network to pass PCI-DSS or HIPAA compliance. If that sounds like something you need, click here to learn more, or reach out to us right now by clicking here.