Data Security (Inc. Data Loss Prevention), Cyber Security, Privacy, Website Security, Email Security, Malware/Viruses, Open Source Intelligence, Cyber Security/Product Training

Removable Media

Details
CDs/DVDs may be 99% extinct, but USB pen drives and USB hard drives are still around, even if they are less common than they were five years ago. USB devices, as well as SD cards, may be small and cheap, but they introduce an increased chance of data exposure by loss/theft, and, of course, malware infections are possible. Today, USB devices are massive and cheap compared to 2000. £50 will get you a 1TB USB stick, which can gobble up the data of two full modern laptops.

Do not trust optical media as a backup
Yes, CDs/DVDs are rarely used today, but a handful of people may be using them to back up important data. Disc rot is relatively unheard of—it's what happens when a CD, DVD, or Blu-ray deteriorates over time. In that event, precious documents, photos or videos burned onto optical media could be lost. A safer solution is to store content online and on other media such as external hard drives.

Safely dispose of
The simple format of a USB device does not delete data, and data can be recovered simply. Either physically shred USB devices, or for CDs, use a specialist shredder to cut them into multiple pieces. If you want to recycle USBs, then use specialist data overwriting software – even MacOS has this integrated into it.

Turn off auto-run
Turning off auto-run on your Windows laptop or desktop will reduce the risk of malicious software running from removable media automatically.

Do not plug in strange USB drives
USB drives can be used to transport malware, especially trojans. If you find a USB drive on the train, resist the temptation to plug it into your computer. Hand it to IT for them to run it safely on an isolated machine.

Malware-scan all removable media
Set antimalware scanners to automatically scan all removable media for malware. Otherwise, run a manual scan each time if your chosen product has no auto scan option on insert.

Separate personal and business
Use one device for personal work and one for business. Then, if one is lost, not everything is lost or leaked.

Do not leave drives on the desk
USB drives are tiny, and you may not notice if one has been taken. Never leave them on your desk as anybody, cleaners or other staff, could easily take it.

Enable auto-delete/lock
Some USB security systems will allow auto-lock or auto-deletion after five or ten failed log-in attempts. This normally applies to encrypted hardware.

Encrypt
Data leakage through removable media is a strong possibility. Encrypt all USB drives, external hard drives and optical discs to ensure data does not leak if lost or stolen. Two options are available: hardware encryption or software encryption. Both have pros and cons. For Windows, BitLocker is there, and MacOS has APFS Encrypted.

Disable ports
If you are worried about data leakage or malware, you can disable USB ports and disc drives, either by pulling out the cables on the motherboard or using hardware port locks, group policy, or third-party software.

Implement a policy
USB drives are a massive cause of data leakage, and companies are fined frequently for losing data from such media. To ensure staff are clear of the rules, add a section on USB security to your IT-user policy. Instead of advising staff of the rules, enforce this by software or hardware blocks.