STOP! – Before You Plug in that Unknown USB Device!

June 19th, 2017 - Category - IT Security, Security

Did you know that plugging in a USB device is one of the top ways that you can introduce malware to your business networks?

This could result in data theft, data encryption and ransom, a complete loss of productivity, or the malware could just sit in the background monitoring your communications.

After May 25th 2018, any event involving a breach of data security like one of those listed above would mean customers would have to be informed (under new EU Regulations called GDPR). How would your customers take the news that their data has been accessed by cyber criminals?

It’s not just USB devices used to store files that you need to be wary of. This warning applies to ANYTHING you plug in via USB, whether it’s a mouse, webcam or novelty USB mug warmer.

Why do Cyber Criminals Use USB Devices?

Cyber criminals use USB devices because they have the ability to bypass all of your Cyber defences and because they play on people’s sense of curiosity. A USB plugged in has already bypassed the protection offered by your firewall and other perimeter defences. Cyber criminals targeting specific organisations, either to steal data, wreak havoc, or snoop on communications, will deliberately leave USB devices in the foyer, toilets, outside on the street – or anywhere else they can access.

usb.jpgOnce it’s plugged in, the damage may not be immediately apparent. Malware can deploy itself quietly, then sit there unnoticed. It may not be discovered until days, weeks or months down the line, when the damage has already been done.

When you find a USB stick, the curiosity can be overpowering. There could be some really interesting and confidential information on there! Cyber criminals know people will be curious, and they even play on this. It’s not unusual for these rogue devices to be labelled with things like “HR files” or “Director Bonuses 2017”. They want you to plug it in! Don’t!

One “ethical hacker” demonstrated the importance of vigilance against USB devices by asking an employee at the target organisation if they would do him a favour and print a copy of his CV from a USB memory stick which he handed over. The person did as asked, and he then told them why they should not have complied with his request.

How to Protect Your Business Against USB Device Threats – Endpoint Control

Unfortunately, no matter how vigilant you are, it can be difficult to ensure all of your employees follow your example – no matter how much you reinforce the message. After all, it’s not their business at stake, and some people just don’t pay attention to things like cyber security warnings.

To mitigate the threat, you should invest in endpoint control.

Endpoint control allows you to set custom rules for how your devices, such as desktops and laptops, treat USB devices when plugged in. Any threat to your data and productivity from USB devices can therefore be eliminated by ensuring your devices will not read them.

Why Multiple Layers of Protection are Needed

A multi-layered approach to cyber security is needed to stand the best chance of rebuffing the many different cyber threats that exist today. Unfortunately, no single solution can be 100% effective.

Your spam filter may stop most phishing emails from reaching you, but if the sender puts in effort, sends it from a safe domain and steers clear of any of the spam red flags, it has a good chance of reaching you. Trying to filter out messages like this would result in most of your legitimate incoming emails going to spam too.

In addition, you may have a DNS monitoring solution that prevents you from connecting to suspicious domains used to carry out malware attacks (like those linked in phishing emails). DNS monitoring works by blocking these domains as soon as an unusual spike of traffic connecting to that domain is seen worldwide. If you’re one of the first people to click on the link, you may connect to it before the trend is noticed and the domain is blocked.

The same goes for cloud based anti-virus, which works in a similar way. When a new threat is spotted, the signature is added to a central blacklist – but it has to be seen and reported by someone first. If you’re one of the first people to encounter it your antivirus may not recognise it.

By using multiple layers of protection, you increase your chances of blocking cyber threats. As USB devices by their nature already bypass your firewall, it is highly recommended you have multiple layers of protection to reduce their threat to the security of your data.

Leave a comment

Receive productivity and business posts via email

Netstar IT Support

83 Clerkenwell Road
Clerkenwell
London
EC1R 5AR