How important is it to protect your organization from USB threats?
USB devices are a popular choice when it comes to transferring data, but they can pose significant security risks for your organization. The plus points of USB devices are their size and efficiency; however, if these devices aren’t monitored or restricted appropriately, all it can take is just one flash drive to wreak havoc in the form of malware infections, data loss or theft. These incidents can be costly and take years to recover from, which is why it’s important for businesses to enforce preventative device control measures to curb all USB-related exploits.
USB threats that organizations should be looking out for
USB Phishing Scams
One example of a simple scam is the ‘USB drop attack’ also known as the ‘lost and found USB.’ It’s a type of social engineering where hackers scatter USB sticks within or close to company grounds, so that unsuspecting employees will pick it up and plug it into their computers out of curiosity. Once connected, these devices can take just seconds to infect the system with viruses, logic bombs or ransomware.
BadUSB and Rubber Ducky Attacks
These are USB devices that were built or whose firmware was manipulated to act as HID (Human Interface D). When plugged in, BadUSB will mimic a keyboard and can discreetly run harmful commands for the purpose of unleashing viruses, breaking business continuity or hijacking control of the organization.
Another source of USB threats are employees themselves. These are users who already have legitimate device access for their computers but can sometimes accidentally or deliberately utilize USB devices to leak sensitive content. Accidental leakage can occur when users aren’t aware that a file is sensitive, and they end up transferring it to their devices. These devices can then possibly become lost or fall into the wrong hands resulting in data loss. Deliberate insiders, on the other hand, leverage USB devices with the sole intent of stealing confidential data, disrupting performance and/or damaging the reputation of the organization.
How to proactively mitigate USB and device-related threats?
Computers are often the entry point for USB devices; therefore, in order to protect your organization from USB attacks, domain-level systems must be secured. The following is a list of simple but effective steps to implement USB control for your endpoints:
- For each computer or group of computers, create a list of trusted USB devices belonging to highly authorized users so that even in Bring Your Own Device (BYOD) environments, all other USB devices will be blocked by default.
- For ordinary employees or third-party collaborators, allow only temporary access.
- Continuously monitor all USB ports so that other auxiliary devices can’t connect to the network without permission.
- Disable auto-play on all your endpoints.
- For permitted USB devices, allow file access to relevant content and only assign data transfer privileges to trusted staff for mission-critical tasks. Trace all file actions.
- Only permit BitLocker-encrypted USB devices, so that all copied data in motion remains encrypted even if lost or stolen.
- Create provisions to receive audit data to keep up-to-date with device trends or be notified of attempts to bypass any enacted security measures.
How can Device Control Plus help?
Device Control Plus is a versatile device control and file access management solution that can be leveraged to automate all the above steps in USB control. It provides numerous out-of-box features for effective policy creation and is ideal for both SMBs and enterprises.