- Created: Monday, 05 October 2020
- Written by Paul Grigg
What would you, or your most trusting colleague do on finding a USB stick in your car park? Would you try and find the owner? Perhaps plug it in and take a look?
One tactic hackers use against valuable targets such as accountants, lawyers, architects, etc is to “drop” a malicious USB stick in their car park. There is a good chance a well meaning employee will plug it in and poke around to try and identify whose it is. Now the hacker has bypassed multiple layers of security and usually the only one left is the antivirus. If that doesn’t catch what’s on the stick then they’re in!
The hacker will then steal your information, attempt bank transfer fraud, encrypt all your information so you can’t access it and hold you to ransom.
Unrestricted USB sticks carry other risks too:
- Unencrypted personal data could violate data protection legislation leading to fines, disqualification etc
- A malicious employee can steal data with no/little trace
- Booby trapped USB devices such as the USB Killer
- Employee time wasting
So, what can you do? For most organisations, cloud storage such as OneDrive or Dropbox can simply replace USB sticks and then you can block USB sticks outright. If your organisation has some niche need for them, then Microsoft Intune has fine grained permissions - e.g. allow particular employees/devices/usb sticks, while blocking the rest.
Engage telanova to implement security measures appropriate for your organization.