USB sticks can bring great security risks for your business
The speed at which cyber attacks are evolving is not being matched by the speed at which businesses are improving their capabilities to address cyber security risks, especially when it comes to USB sticks.
We all use USB drives, handing them back and forth like digital business cards and plugging unfamiliar ones into our computer all the time. Although we know they often carry malware infections, we depend on antivirus scans and the occasional reformatting to keep our computers clean. However, it’s important to realize their risk isn’t just in what they carry, but into the core of how they work.
According to a recent study presented at the Black Hat hacking conference in early August by security researches Karsten Nohl and Jakob Lell, there is an even dangerous issue about USB security. Basically, they discovered and proved that many malware codes hide in the firmware that directs all basic functions, and not only in the flash memory storage of these external, portable devices. And that means the corrupted code can’t be easily detected, deleted or removed along with the files on the drive.
Nohl and Lell’s virus was shown to be able to do great damage – especially for businesses and corporations – like: assume control over keyboards, issue commands to download and install malicious files, convert the USB stick into a network drive, and even capture and redirect Internet traffic from a computer’s browser. At the same time, antivirus and spyware programs have proven ineffective at stopping these kinds of deep-rooted malware attacks.
Since firmware is so hard to scan and clean, many security researchers proposed a drastic solution: stop using USB drives altogether. However, not all businesses are ready to give up the USB drive just yet.
What can you do to protect your systems and your business from potentially infected USB drives?
- Say no – USB devices are certainly handy for transmitting large files and all kind of data. But keep in mind that we live in the cloud era, so with cloud computing solutions coming into sharper focus each and every day, the necessity of USB drives may fade over time.
- Make sure your USB drive it’s brand new – A new USB device has a smaller chance to infect your computer. Also, remember to be careful with the free ones. Just because you get something for free doesn’t mean you have to use it.
- Develop a protocol – If you must share a USB drive with a colleague, develop a protocol to assess it for viruses and malware. Many third-party apps and proactive monitoring and management solutions can scan USB drives for safety, although I would recommend consulting an IT professional before choosing one. No matter your choice, whether you’re giving someone a USB drive to use, or receiving one in return, be careful! It’s better to stick with the same device from the time you take it out of the box until the day you decide to get rid of it.
Finally, my advice to you is: don’t take any risks. If you’re not sure whether an old USB drive is safe, don’t risk it. Go out and buy a new one. The average price for a brand-new device with 64GB of storage is about $25. Isn’t that better than losing your entire system to a malware attack, and then having to pay for a full recovery or even new computer, all because of one corrupted USB stick?
Photo credit: https://www.flickr.com/photos/[email protected]/450291958/