As far as cybersecurity is concerned, it is quite rare to see removable media being mentioned in the online security context. With regards to cybersec, those of us adept at it or someone deeply interested in online and data security has probably heard of VPNs, firewalls, even multi-factor authentication, but removable media? As in USB drives, hard disk drives, and others? Who would have thought that would pose a risk? Are those devices not the innocent little plug-and-play USB drives and cumbersome large external drives? And how does cybersec intertwine with that? Well, it turns out that removable media is a big cybersecurity risk on its own, and is not discussed nearly enough. Especially when it comes to business and the media sector removable media is used a lot, and for good reason. However, knowing the risks is always a good thing.
All of us have utilized removable media, a.k.a portable devices, at some point insofar as we have had any connection with computers, at all. USB drives, SD cards, CDs, and external disks have been with us a long time now and are slowly being replaced by online cloud storage, which removes the need to carry a physical device to store data. However, it is very important to note that there is one thing removable media can still do that storing data online cannot; security. Would you store your most sensitive passwords in a Word Document located on your computer? The answer is probably a big no, you would store it written down somewhere in secret. The same applies to removable media, sensitive data can be stored on removable media and completely disconnected from the dangers of the internet. Another advantage to using removable media is the portability factor.
Common removable comprises some of the following devices;
● USB drives
● CDs
● SD cards
● External storage
● Dongles
It is important to understand why these devices pose a risk, and what the cybersecurity best practices are when it comes to removable media.
Why is Removable Media a Cybersecurity Risk?
Removable media is a cybersecurity risk, this is the truth. The reasons for this are manyfold, but the worst ones occur due to human error which can lead to cybersecurity risks. Removable media is innately risky because;
● Loss of removable media means sensitive information can be compromised
● Weak cybersecurity hygiene and internet best practices can lead to malware
IT giants like IBM are opposed to removable media. In fact, the company has barred its employees from ever using removable media because the risks are just too great. The potential damage that comes from removable media data loss or malware brings scenarios like financial damage, reputational brand damage, legal issues, and a host of other security and privacy problems. A removable media device has the potential to host malware that can trigger a cyber-incident (like a cyber-attack.) Without internet best practices like safe browsing, data protection, password security and privacy measures malware (malicious software) can easily find its way on removable media and later infect the entire network like a virus. There is even a cybercriminal tactic called 'baiting' where infected removable media devices are used by the victim who then infects entire networks unbeknownst to them. As archaic as it may be, USB devices are still in use and 'baiting' can bring down entire corporations.
Cybersecurity Best Practices For Removable Media
There are several tips to take into consideration either by company employees or regular individuals who don't have special status, work in a large company, or a specific rank. For the individual, removable media theft either by physical means or via malware, for example, can lead to several problems such as; identity theft and blackmail. For organizations, the scenario takes on an entirely new level of concern.
For an organization wishing to remain cyber secure, especially when using removable media of any type, the following recommendations must be observed at all times;
● Removable media use must be controlled and monitored
● Removable media use needs to be authorized by someone in company management
● Regular malware scans should be performed on removable media
● Removable media should never be left lying around without supervision
● Copying external files to corporate removable media is very dangerous
● Removable media must be encrypted if the data is at all important
● Alternatively (or additionally) to encryption, devices should be password protected
● Missing devices should be reported immediately
● Software should be kept up to date on the operating system and on the devices
Now that we understand the risks of removable media both in business environments and casual environments, just like everything else when it comes to being cyber secure, it is key to use common everyday sense and understand that the internet is a place full of risks.
* This is a contributed article and this content does not necessarily represent the views of sciencetimes.com
