USB Use – Keep It Clean.
The Year of Cyber, we are running a series of articles to help you use cyberspace safely at work and at home. This month we look at USB use – not just USB storage devices but anything else you can plug into a computer’s USB socket.
Two simple instructions to remember are:
1. Don’t plug anything into the USB ports of organisational systems, not even to charge them. Only use officially procured devices on systems as this will reduce the risk of data loss and spreading malware.
2. If you find any unaccounted-for USB devices in your workplace you should hand them to your Information Security Officer.
What is a USB device?
USB stands for Universal Serial Bus – basically it is a standard defining the connection which allows devices to be plugged into the USB socket on a computer. These devices can be memory storage devices (often called USB drives, flash drives or memory sticks) or other devices (such as mobile phones, cameras, and music players) which can transfer data or receive power.
What is the Risk?
USB drives can hold large amounts of data and are small enough to be easily lost or stolen. While they have been used to remove data from organisations, they are also often used to spread malicious software (also known as malware – worms, viruses etc). Unfortunately, they are difficult to virus-scan properly, so it is difficult to know that they are safe unless they are from a trusted source. Only officially procured USB devices are permitted on organisational systems, to reduce the risk of both data loss and spreading malware. It’s a good idea to be careful at home, too. ‘Free’ USB sticks from exhibitions or other sources might come with unwanted ‘gifts’ of malware.
It is not just USB memory sticks that are a problem. Any device with a USB connector can be used to spread malware, even if you are only connecting the device to recharge it. Just inserting the device into the USB socket will start it working. Even the most unlikely-sounding device may present a danger – such as a charger for e-cigarettes.
It is also not just computers that can be affected. In one incident a contractor unknowingly used an infected USB on his work laptop. The virus was discovered once the USB was used on the contractor’s internal network and, specifically, on equipment that was used to update software on vehicles. Due to the way in which the software was updated, there was a real concern that the virus could have spread on to the vehicles themselves. An incident like this could have a very serious effect.
Sanctions
There have been cases where USB devices (such as mobile phones and MP3 players) have been plugged into organisational systems and have been confiscated, even destroyed. The individuals responsible have also been subject to disciplinary action. Given the risk that these devices might pose to an organisation it is sensible to look after these systems – and we are all responsible for maintaining the security of our working environment, including an organisation’s networks and systems.
Reporting
The advice in this article underscores the necessity of consulting cyber security experts, such as Cybercentry, for addressing any cyber security incidents in both personal and professional contexts. Reporting concerns promptly to the relevant authorities is crucial for a swift response and safeguarding against potential threats.
© Cybercentry Limited. All rights reserved.
Terms and Conditions Privacy Policy GDPR Statement Modern Slavery Statement Cybercentry Partner Programme