Your business could have invested in state-of-the-art firewalls, anti-virus software and connect all your remote users via VPNs, but if you fail to control the use of removable storage devices, you could be exposing your data to unnecessary risks.
Why Should I Secure USB Usage?
Securing the use of USB within your organisation can go a long way to preventing the loss of sensitive data, as you can ensure that data is only stored on encrypted devices (which you can also control, and erase if they are lost).
Many determined attackers who may target your organisation have a very interesting method by which they can almost guarantee to gain access to a computer within your network. They leave a collection of USB drives scattered around your car park, which your employees will pick up and often plug in.
These USB drives contain a program which executes when the device is plugged in, connecting back to the individual who placed it in your car park, and giving them access to the computer.
Securing your employees use of removable storage also helps to prevent data leakage, and can go a long way to ensuring Data Protection Act compliance.
How Can I Secure USB Usage?
There are several companies who produce software to enable you to control what your employees can do with removable storage devices, including USB and the DVD writer in their computers. Sophos for example, includes the necessary components to implement a policy to control this in their Small Business Suite.
These tools enable you to state that only encrypted storage devices can be written to, and that only certain types of data can be stored on them. The tools will alert your system administrator whenever an unauthorised device is plugged into a computer, and give them the option to allow access if required.
If you would like to know if your organisation is vulnerable to the type of attack mentioned in this post, our Network Audit may be of interest.