Removable Media



 What is Removable Media?

Removable media is a portable device - like a USB drive - that can be connected to a computer, network, or information system that is used for transporting and storing data. It is convenient, cost-effective, and is available in many different sizes.

 

Uses of Removable Media

There are two main uses for removable media:

  1. For additional portable storage
  2. To allow for data to be copied, transferred or access on other computers

When it comes to cybersecurity best practices, removable media and devices should only be plugged into trusted computer. If you find a USB flash drive on the ground, don’t pick it up because there is a possibility that it could be malicious. A hacker may have planted it on the ground to see if someone would pick it up and insert it into their device. If inserted into your computer, malware could immediately be downloaded onto your device. 

 

Removable Media Examples

Here are some examples of different kinds of removable media devices:

  • USB flash drives
  • External hard drives (i.e. SSD)
  • Card reader (i.e. SD card and memory card)
  • Removable discs (i.e. blu-ray discs, CD-ROMs, DVDS)

 

Removable Media Security Risks

Removable media introduces many security risks and vulnerabilities as it stores a large volume of data including sensitive data. Therefore, failure to properly manage and secure these removable media and devices could expose users to the following risks:

Removable media can be easy to lose, which could result in the compromise of the sensitive information stored on it. You should be aware that some media types may be able to retain information even after deletion. 

Malware could be introduced on a system via a flash drive once inserted into the USB port. 

Data exfiltration, if you are not careful and insert an unknown USB drive, may be malicious and could steal data from an organization. 

Autorun is problematic especially with removable media - they can be helpful but hackers abuse this feature by setting malicious programs to run automatically on removable media. 

Reputational damage is the loss of sensitive information that can negatively affect an organization’s reputation.

 

Mitigation

The best protection against any attack on removable media is to insert only trusted removable media into your computer. However, there are other preventive measures as well including the following:

  • Install anti-malware/anti-virus software on your computer - this will actively scan for any viruses or malware when a removable media or device is connected
  • Disable the auto-run and autoplay features - these features will automatically when plugged into a USB port  
  • Implement access controls to protect the data on removable media by password protecting your removable media or device
  • Implement physical security if necessary to prevent removable media from being used
  • Remove sensitive data from removable media or device once you have finished transferring the data
  • Make sure that all removable media and devices are encrypted - FileVault can be used for MacOS and Bitlocker for Windows
  • Do not allow USB flash drives to be used within an organization
  • Employee security awareness training is one of the most effective ways to protect against cyber threats by teaching them to not insert untrusted removable media into their computer; if for some reason an employee needs to plug in the flash drive then the organization should have a process to handle such a case (i.e. testing the USB drive on a sandbox environment for many malicious activity)

Final Thoughts: Removable Media

Using removable media, like a flash drive, can be dangerous within an organization because the malware is able to bypass the security solution that is deployed at an organization’s network perimeter. USB drives are the best ways for hackers to exfiltrate sensitive data from an organization and are more difficult to detect. Each time that a removable media device is used, there is a possibility that a computer may become infected. 

Since removable media and devices are an integral part of today’s society, it is important that all users and top executives within an organization understand what they can do to protect themselves and the organization from malware and viruses.

Comments

Post a Comment

Popular posts from this blog

Credit Card Payment Fraud & How to Avoid Theft

Image
Security and compliance often appear to go hand-in-hand these days. Problematically, many companies start with compliance then reverse-engineer security in a nearly futile attempt to protect data. In the payment card industry, the Payment Card Industry Security Standards Council (PCI SSC) established PCI Data Security Standard (PCI DSS) which sets the “gold standard” for compliance. Meanwhile, despite meeting the compliance standard, cardholder data (CD) remains a  primary target for cybercriminals . By understanding the seedy underbelly known as the Dark Web and the way Cybercrime-as-a-Service (CaaS) works, merchants and payment card processors can better secure CD from fraud and theft. What is payment card fraud and why is card information so valuable? Payment card fraud, also known as credit card fraud, is defined as the unauthorized use of a credit card, debit card, or similar payment tool. Cybercriminals often fraudulently utilize payment data to steal money or property from their
Read more

Internet Safety Rules

Image
  Most of us rely heavily on the internet to enjoy social media, online education, remote work, and all sorts of entertainment. So, CYBERCLICK is sharing some information about " Internet Safety Rules " .   Rules To Be Followed: 1.  Keep your confidential data offline Identity theft cases made up the biggest single category of  crimes reported to the FTC in 2020 .     But cybercriminals cannot access or steal your personal information if it’s nowhere to be found on the internet.     That’s why some data — such as your Social Security Number — should just never go online. However, when you still have to share it, be sure to send it as an email attachment and   encrypt the file   before sending.   2. Check a website’s reliability As of January 17, 2021,  Google had registered more than 2 million phishing sites . But how do you tell a reliable site from a fishy one? First, look at the address line: It should have a little padlock at the beginning — this means the connection is
Read more

Spam and Phishing

Image
  Malicious Email A malicious email can look just like it comes from a financial institution, an e-commerce site, a government agency or any other service or business. It often urges you to act quickly, because your account has been compromised, your order cannot be fulfilled or there is another urgent matter to address. If you are unsure whether an email request is legitimate, try to verify it with these steps: Contact the company directly – using information provided on an account statement  on the company’s official website or on the back of a credit card. Search for the company online – but not with information provided in the email. Spam Spam is the electronic equivalent of junk mail. The term refers to unsolicited, bulk – and often unwanted – email. Here are ways to reduce spam: Enable filters on your email programs:  Most internet service providers (ISPs) and email providers offer spam filters; however, depending on the level you set, you may end up blocking emails you want. It’
Read more