Lost USB Drives a Ticking Time Bomb for Unsuspecting Users
Everyone has a handful of USB drives, or thumb drives as some people call them. Their capacity continues to grow, and the prices continue to fall. It's a very convenient way to share data between home and work, transport files, and share photos or documents.
While a USB drives are a huge convenience, however, they're also a major security risk.
A researcher from internet security firm Sophos recently wrote about a study involving 50 lost USB drives on the company's blog Naked Security. The findings were shocking but not surprising.
We've reported on relaxed practices with laptops and smartphones here before. The findings should serve as a warning to get your USB keys and other portable devices in order before they compromise your company's security.
Malware Galore
Sophos bought three lots of USB drives at a recent RailCorp lost property auction in New South Wales, New Zealand. The lots contained a total of 57 USB drives ranging from 256MB to 8GB of space. Since a few were broken or unreliable, the test group contained 50 USB drives.
Of the 50 drives, the study found 33 drives infected with a total 62 infected files. While there was no OSX malware on any of the drives, many of the USB devices were clearly from Mac users, making the infected files a threat to any Windows users that might have shared them.
No Hint of Encryption
A deeper look at the USB drives also revealed that not one of them was encrypted.
Of course you may think that if it's your personal USB drive, why is there a need for encryption? The fact that these lost drives were available for purchase at a public auction should answer that question for you.
Sophos researchers were easily able to view files, photos, and other data stored on these drives. A brief list of files included photo albums, resumes, software and website source code, minutes of an activists' meeting, school assignments, and autoCAD drawings and work projects.
Are the files on your trusty USB drive safe from prying? What about the USB drives of other employees in your organization? Customer lists, research and development on new products, legal documents, and other data can easily fall into the wrong hands. You can vow to be careful with your USB drive, or you can actively protect your data with encryption that prevents someone who finds a lost drive from accessing sensitive files.
