3 Risks of Using USB Drives in Enterprises, and How to Prevent Them
Written by Kevin
Portable, fast, and easy, USB drives have become the household gadget for file and data transfer for the last two decades or so. From USB 1.0 to the newest standard, 3.2, USB drives have undergone tremendous evolution, which provided great functionality and practicality for both personal and enterprise. Especially for the enterprises, USB drives are incredibly functional IT assets, but they involve some risks regarding the confidentiality and security of valuable enterprise data.
- Unauthorized USB drives can cause data leakage and management chaos in and out of office.
Employees may use personal USB drives, without permission, to take and use confidential enterprise files in external environments. Therefore, the safekeeping of confidential enterprise files like customer data spreadsheets, financial statements, and engineering blueprints, are under threat of leaving the safe office premises and exposed to unexpected file leakage or tempering. Simply put, confidential enterprise files may end up in wrong places at the wrong time, and the enterprises might not even know such catastrophe has occurred.
Unseen risks associated with corruption, loss, and theft of confidential enterprise files from using unauthorized USB drives in and out of office is one of the biggest reasons why enterprises ditch them, despite the high level of productivity they offer. Therefore, the essential procedure to use USB drives safely in the enterprise environment is to first designate specific, and secure USB drives and their users, in addition to understanding the purpose of using them.
- When using USB drives that are unprotected, despite the clear indication of purpose and designated users, safekeeping of confidential enterprise data can still be at risk due to the three big reasons as below.
Lost or stolen USB drives are easily exposed to data leaks if they are found by unauthorized users since they can connect the USB drives to PCs to browse and use, or even leak the stored confidential files. To eliminate the possibility of confidential file leakage from lost or stolen USB drives, enterprises must consider encryption as a fundamental necessity.
Trusted insiders with permission to use authorized USB drivers can be a critical risk factor, despite the enforcement of encryption. They can take the confidential files for personal interests, like monetary gains or corporate espionage, by simply copying or taking the files and contents out of the USB drives. Therefore, enterprises must implement a ‘layered’ USB drive security that protects stored files ‘before and after’ authorized access.
Furthermore, frequent traveling and connection to external, unauthorized PCs may cause USB drives to be infected by malware without warning. Malware can spread itself to enterprise IT infrastructures like servers and endpoint PCs from infected USB drives after being recovered and used in enterprise environment. To use USB drives with minimum hassle, enterprises must consider implementing a trusted anti-virus vaccine that will detect, quarantine, and eliminate malicious codes on USB drives.
- Due to the high number of USB drives, enterprises may feel lost in managing the USB drives and their information.
For enterprises, the number of USB drives used may reach up to hundreds or thousands. If so, enterprises will face a difficult task of asset management, which pertains to assignment of the USB drives (which team or group uses which USB). Even though the USB drives have been authorized to be used, negligence of the ownership and responsibility that falls upon the users will contribute to disorganization in enterprises. Furthermore, such information can change as enterprises undergo structural changes in terms of teams and employees. Therefore, for enterprises that wish to operate smoothly with multiple USB drives and minimize disorganization in and out of office, USB drives and their specific information must be managed and even updated on a centralized platform by a dedicated individual.
For personal uses, authorizing, protecting, and managing USB drives may not matter so much. However, for enterprises, it is a completely different story; they simply cannot put their valuable, confidential files at risk by using ordinary USB drives. However, as technologies evolve, so do the capabilities to make sure that enterprises can authorize, protect, and manage USB drives for safe usage in and out of office.
In our next blog, we will discuss the number of security principles and technical measures to implement for comprehensive USB drive usage and management for enterprises.