Removable media devices are typically used to temporarily store information or transfer data electronically from one system to another. The improper use of removable media devices poses significant risks to the confidentiality of the different departments within an organizations information assets. Without proper management of these devices, information could be exposed to unacceptable risks. Removable media and devices are portable hardware. They are anything that can be brought into an organization and plugged into a computer ranging from a USB stick to external memory, smartphones, and tablets, iPods, Bluetooth devices, recordable CDs, and DVDs. It also includes wearable devices such as smartwatches, which are becoming more popular. The most common is a USB flash drive, but other forms could be an external hard drive or SD card.
When it comes to cyber security, removable media and devices must only be plugged or inserted into your computer if you trust the source. Don’t trust a USB stick that you found randomly. A cyber attacker could try to social engineer someone into plugging the device into a computer. Whether the intention is the find out who it belongs to or to keep it, the attacker could successfully install malicious software on your device. You should never insert a USB storage device into your computer if it has been outside of your control. Devices can be loaded with malicious software and can infect your computer when you insert it. If you happen to find one of these portable storage devices you should never plug it into your computer or phone.
Even if a network is disconnected from the Internet, it doesn’t prevent someone from copying sensitive data onto a CD or a USB memory drive. Removable media controls fall under data loss prevention. The fast-paced business environment of today requires employees to have anywhere access to corporate data and business applications. It is possible to protect important data from removable media with tools that monitor and control data transfers from desktops and laptops, even when they are not connected to the corporate network. Here are some tips to consider when using removable media:
1. Monitoring Devices – Specifying which devices can and cannot be used, defining what data can and cannot be copied onto allowed devices, and restricting users from copying data from specific locations and certain applications will help when managing devices.
2. Delete Data – Delete data on your computer, media, or device once its usefulness has expired. Redundancy of data results in more potential risks.
3. Encrypt Information – If the use of removable media is required, the information on all devices should be encrypted. The level of encryption will depend on the sensitivity of the data stored on the device.
4. Scan For Malware – Scan all media for malware. Removable media should be thoroughly scanned for malware before it is brought in to use or received from any other organization.
5. Missing Devices – Report missing devices immediately, so they can be cleared of all data.
6. Internet Access – Disable Bluetooth, Wi-Fi, and other services when you’re not using them.
7. Password Protection – Apply password protection to your removable media. To protect sensitive information and restrict access, all removable media should be protected with strong passwords that only specific employees have knowledge of.
8. Security Updates – Use security software on all devices and keep all software up to date. A great tip is to set your preferences to regularly check for updates and always automatically install them when they are available, so you don’t have to worry about checking yourself.
Ensuring your antivirus software is up-to-date is the best way to safeguard your computer against viruses and other malware types such as Ransomware, Trojan Horses, Spyware, Adware, identity theft, and more. It can help detect a problem before it becomes too big to control. At the end of the day, protecting yourself from viruses and lost data is much easier than it used to be and doesn’t have to cost you an arm and a leg. An antivirus software is a must-have on any computer for business or personal use. SEGMENTECH is a CyberArk and Check Point partner in Canada. We strongly recommend implementing an Endpoints Security on-premises, hybrid, or in the cloud. Contact us if you would like to discuss how we can assist you.