Share this Article

How Safe Is Your USB Flash Drive?


USB Flash Drives Are Not As Safe as Most People Think

Although the use of cloud-based storage solutions has risen over the past years, its popularity has not meant the death of USB flash drives. Its small size, portability, and affordability has kept this storage medium a ubiquitous staple in schools and offices everywhere. In regions where broadband internet is still not common, delivering a USB flash drive through the mail is a quick and affordable method to transport huge amounts of data.

Because USB flash drives are separated from Internet connectivity when not in use, people see these devices as a secure and convenient way to store data. Indeed, because there is no connectivity involved, IT professionals do use these devices with air-gapped systems. “Air-gapping” is a network security measure where computer systems are physically disconnected from local networks and the Internet at large. Because these systems have no connectivity, there is no way for an intruder to infiltrate an air-gapped system via the Internet. A common way to transfer data in and out of an air-gapped system is through the use of removable media such as a USB flash drive.

However, USB flash drive’s continued popularity comes with it some associated risks. The device’s offline nature alone does not make it completely secure. A flash device with an unknown of chain of custody can easily become compromised and be used as a vector for malware within an organization. 

According to a study done by Honeywell, 37% of all online threats are specifically designed to take advantage of removable media such as USB flash drives. This is an increase from 19% from the year before. The study also reveals that 79% of cyber threats that were borne from USB devices are severe enough to cause a critical disruption in a business. Additionally, the use of USB flash drives saw a 30% increase within production facilities in 2020.  This increasing dependence on removable media has made USB flash drives a more attractive vector for cyberthreats.

Here are a few ways you can help keep your business safe while using USB flash drives:

  • Do not insert into a computer any removable media whose origin or chain of custody is unknown to you. Educate employees to never plug in any unknown USB drive. All it takes is for one employee to insert an infected USB drive to potentially cause serious harm to a businesses’ computer network.
  • Keep track of who USB flash drives are being lent out to. Remember, flash drives are only as secure as the people who handle them.
  • When not in use, keep USB flash drives in a safe and secure location, such as a locked drawer.
  • Employ measures such as Windows Bitlocker to encrypt removable flash drives to ensure data contained in these drives remain secure should the removable drive end up in the wrong hands.

Do Not Plug In That USB Flash Drive You Found on the Street!

In 2016, the University of Illinois conducted an experiment wherein nearly 300 USB flash drives were scattered through the campus. The simulated malware contained in the USB drives revealed that it took only six minutes for the first USB drive to find its way to an Internet connected computer. The study concludes that the experiment had a 45 – 98% successful “attack” rate.  This study also highlights the fact that USB flash drives are not inherently safe, yet people readily insert these devices into their computer without any second though. The devices are only as secure as the people who use them. Had the flash drives used in the study actually contain any malware, the resulting cyber attack would have unleashed untold damage to the University’s computer network and the devices that are connected to it.

Businesses Need an IT Partner

Because of the device’s ubiquity, small size, and affordability, it is very easy to overlook the USB flash drive’s potential of destruction. Businesses and their IT partners must work together to ensure that computer networks and the devices connected therein remain secure. If you are a business that does not have a dedicated IT team, you must get in touch with us right now. News headlines are increasingly about cyberattacks, and the use of USB flash drives is just one way malicious hackers can jeopardize your business. Small companies that fall victim to a cyberattack have a six-month survival rate of less than 40%.  Call us at (972) 528-6546 or fill out our online form to find out how your business can benefit from a partnership with LG Networks, Inc.