Universal Serial Buses, otherwise known as USB sticks, are portable storage devices that use flash memory (a type of storage that doesn't require a power supply) in order to store your files and data in a handy lightweight form, offering easy access and use for everyday tasks through plugging it into any desired USB port.
Useful in storing important files and backing up data, they are an affordable and straightforward way of managing files, and with a capacity of up to 1TB (that equates to roughly 200,000 songs), there is a high level of flexibility in terms of what you can store on there. Their memory size, alongside the fact they don't require batteries or rebooting (like most removable drives), and because it makes no difference what platform you are on, USB sticks prove to be very popular within organisations for an easy form of data storage.
Their ease of access also proves to be a flaw in them though, because it makes them an easy form of attack for hackers looking to make a quick profit.
The Dangers of USB Sticks:
Data leakage is a problem with USBs as their portability means they are hard to track and manage. If the device is plugged into an infected device, the malware quickly spreads onto the USB, and from there the it becomes a portable danger infecting anything it connects with.
One of the most well know risks with USBs is the fact they can be lost, a danger that means they could get into the wrong hands very quickly. Depending on the nature of the information on there, if the stick got into the wrong hands they could be not only be gaining valuable information in the form of company data, but also personal documents such as family photos or your CV.
Losing it could result in a security breach through a wealth of information suddenly being available to hackers, potentially showing them the ins-and-outs of a company. Equally, if the data was more personal, it could be enough for them to commit identity fraud or target you specifically through a phishing email, posing to be a legitimate cause in the aim of either spreading malware or gaining access to your bank accounts all through an element of trust created.
Finding a USB Stick
This sounds ridiculous because finding something useful, for free, is usually seen as a bit of luck…but not in this case. Finding a USB stick can be a way of malware to get onto your device as it is essentially a fully loaded weapon ready and waiting for someone to plug it in, and as a result the hackers have a way in.
Frustratingly, 50% of people who find a USB stick plug it into their computer without even thinking about what could be on there. Only security experts should be checking what's on a USB stick due to their PCs having high levels of advanced security software. An everyday laptop isn't going to be able to protect itself if that content is malicious, resulting in a virus riddled device ready to spread the malware throughout your network.
USB Specific Malware
BadUSB is a perfect example of how hackers are using what's around them to create more sophisticated attacks. It is stored in the firmware of USB devices, which means that it is undetectable, and can result in a successful attack. The concept is that it can be used to target an individual so that hackers can tailor their crimes to get the best out of them and make the biggest profit possible.
How to Stay Safe When Using USB Sticks:
Looking after your USB stick in the first place is perhaps the most obvious forms of protection, but taking extra steps to remain secure should never be ignored.
Installing antivirus software and keeping it regularly updated means that it can scan USB ports as soon as they are plugged in. In doing so, it offers you real time protection on all entry points of the computers. By detecting and removing malware, as well as preventing it from getting into the system in the first place, the threats from USB sticks can be dealt with quickly. Additionally, firewalls serve as another source of security by controlling what gets in and out of a network.
It must be remembered that whatever software you have, it might not be a strong enough form of protection depending on what the USB is loaded with. So if you find a USB, don't plug it into your device because the problems it could cause are not worth it.
Encrypting your data means that it is converted into code, so that if someone were to access it, they'd be pretty limited in what they could actually do. This isn't to say you won't be hacked if your data is encrypted, but it certainly reduces your chances because the user needs a password to access the data.
There are three ways you can go about encrypting your USB:
- BitLocker on Windows is an easy technique that means you follow the already-installed instructions on your Windows device to encrypt the USB.
- You could buy an encrypted device in the first place from a third-party company. One well recommended is IronKey.
- Using third-party encryption software means that you can encrypt the USB whatever the device type. You need to make sure the code is being created by a team of security professionals, and VeraCrypt is a good option to use.
Back Up Your Data
If the worst should happen, and your USB data is lost/stolen, make sure that it is backed up somewhere else. By doing this, you can make sure that you aren't solely relying on a USB stick to store your data, and in doing so, you are given peace of mind that the data is spread out across your devices.