In our 12 Threats of Christmas feature, we want to look at cyber threats and issues that can impact organisations.  

Some may be known to you, whilst others, may seem a little more out of the box. 

On the eighth day of Christmas, our cyber threat is: 

Removable Media 

Thanks to the invention of USB sticks, smartphones, SD cards and external hard drives, employees are now able to copy and transfer data. Taking it out of the secure office environment. 

However, the portability of these devices and the ability for them to connect to any network brings with it its own flaws. It makes them prone to network security breaches. 

What are the risks to my business of removable media devices? 

The risks associated with mis-managed removable media devices include: 

  • Loss of information 
  • Introduction of malware 
  • Reputational damage 
  • Financial loss 

A seemingly harmless portable media device has the potential to trigger a huge cyber attack, even when the computer system targeted is isolated and protected from the outside. 

There are numerous ways for cyber criminals to use removable media devices to infect computer systems. However, one of the most common methods ia USB stick that is infected with malware. Criminals often use a popular form of social engineering, known as ‘Baiting’, to launch this attack. 

Baiting, as the name implies involves luring someone into a trap to steal their personal information or infect their computer with malware. The attacker will often leave a malware infected device, such as a USB stick, in a busy place where someone can find it. 

The criminal will then rely on human curiosity to complete the cyber attack and as soon as the device is plugged into a computer, it will infect an entire network with malware. 

What steps can I take to protect my business against attacks on removable media? 

Here are some steps you can take to protect your business from criminals using removable devices to infect or steal your company data: 

  • Limit the use of all removable media devices except when authorised 
  • Apply password protection. To safeguard sensitive information and restrict access, all removable media should be protected with strong passwords 
  • Encrypt information held on removable media. If the use of removable media is required, the information on all devices should be encrypted. The level of encryption will depend on the sensitivity of the information stored on the device 
  • Never copy files to removable media unless it is necessary or has been authorise 
  • Scan all media for malware. Removable media should be thoroughly scanned for malware before it is brought in to use or received from any other organisation
  • Never leave removable media lying around. Lock it securely away when not in use 
  • Disable Bluetooth, Wi-Fi, and other services when you’re not using them 
  • Never attempt to access files from any removable media that you may have found. It may contain a virus that will infect computer systems with malware 
  • When using Bluetooth, set it to the “non-discoverable” mode to hide the device from unauthenticated devicesReport missing devices immediately, so they can be cleared of all data 
  • Use security software and keep all software up to date 
  • Disable auto-play 
  • Add any removable devices to your asset register 

Missed Day 7 which focused on Social Media? Fear not, you can read it here