USB Security: Protect your devices with our 8 tips

USB ports are ubiquitous – found on laptops, desktop computers, and even on devices in manufacturing environments or healthcare settings. They enable quick and easy data exchange and the connection of various peripheral devices. But this convenient interface also carries significant risks for IT security. Have you ever wondered how easily an unsecured USB stick can become a gateway for malware, or what dangers arise from unknown devices connected to your systems?

Indeed, numerous security incidents demonstrate that USB ports often represent an underestimated link in the security chain. From accidentally plugging in an infected stick to targeted attacks via manipulated USB devices, the potential threats are diverse and can have serious consequences for businesses and individual users alike. In this blog post, we'll illuminate the critical role USB security plays in your overall IT strategy.

• CFO: “I've lost my USB thumb drive. Lots of important spreadsheets were there! Do something please!”
  

• Project Manager: “I’ve just used my USB external drive on a contractor’s laptop who said he never had an AV. Can I use it safely on the company’s laptop again?”

• Sales Lady: “Remember the USB drive the company has given me? Seems I dropped it in that taxi yesterday while on my way home. Could I ever know what I backed up on it before leaving the office?”

• Engineering Team Lead: “Since my colleague checked her SD card on my PC this morning I don’t seem to be able to open my project documents anymore. They all are unreadable. What could it be?”

• Risk Management Head: “We have a new requirement; all USB storage devices must be blocked inside our corporate network, except company-provided sticks which must be encrypted before use. Can we do that?”

Any of the above nightmares sound familiar?

Are you worried about security of your USB device? In this blog post we will share our 8 tips for USB security and we will show how DriveLock solutions can put an end to your concerns. They never stop – until you act up. In this blog post we explore how DriveLock solutions can put an end to this chaos!

A. USB ports: Some Background

Mobility is one of today’s key characteristics at both business and personal levels. A large chunk of our data is on the move with us, carried inside various forms of storage devices.

Since their advent around the year 2000, USB storage devices (including pen drives, external hard disks, and the like) have been an essential piece of our daily operations and have provided so much convenience that is impossible to give up. They have been the ultimate choice for many day-to-day functions; copying files around, sharing documents with external parties, short-term backups, etc.

B. 6 MOST POPULAR TYPES OF USB PORTS

When we talk about USB security, it's important to recognize that "USB port" isn't a one-size-fits-all term. The world of Universal Serial Bus (USB) connectors has evolved significantly over the years, leading to a variety of physical shapes, sizes, and underlying technologies. While the core function remains the same – enabling connectivity and power delivery – the subtle differences between these port types can sometimes influence their security implications and how they're managed.

Currently, you'll commonly encounter several distinct types of USB ports in use across various devices. Each type was developed to meet specific design or functionality requirements, from the widely recognizable rectangular ports on your computer to the smaller, more robust connectors on mobile devices and specialized equipment. Understanding these different physical interfaces is the first step in comprehensively addressing the security posture of all USB connections within your environment.

There are 6 different types of USB ports which are being used. 

• Type A - This type is flat and rectangular and it is the most commonly used. 

• Type B - It is known as standard B connector and it is square and it has big square protrusion or a slight rounding at the top.

• Type C - Type C USB is small and think in a oval appearance with a asymmetrical. 

• Mini A&B - They have two versions as well A and B and are just a smaller versions on Type A and Type B. Those types are mostly found in the portable cameras, game controllers or old mobile phones.

• Micro A&B - It is used in most available smartphones, tablets or game controllers on the market. 

• Lightning Cable - This type of USB is mostly used with Apple's devices. There are two types of them. First has a think lightning connector with a Type A ending. However, second has a Type C ending. 

So we live in a world heavily dependent on the use of USB drives, thus setting a policy in work environment that ultimately blocks access to those devices is not a wise choice and can negatively impact the business in one way or another. But still an open-access strategy for those devices imposes an extremely huge threat. Should organizations sacrifice security or usability? Let's have a look into this.

C. USB SEcurity: Never-Ending Challenges

Downsides of USB storage devices are not hard to realize. Actually we face them every day and with every use of those devices. Their top benefit can also be the worst – mobility. As time advances, they are becoming relatively smaller, and grow larger in capacities. From the humble 8MB drive in the 2000's, today drives reach multiple magnitudes in GBs. In fact, some have reached up to 2TB! Now with such huge capacities, one can move around boatloads of data, which could be confidential, business critical or otherwise very sensitive. Imagine losing a non-protected drive used to backup customer-related information!

Continuing on the same subject, is the capability to intentionally leak business-critical data. For organizations having little to no control over files transferred to USB drives, leaking (and subsequently exposing) important data is inevitable. Check out the following news article on Mirror about a terrifying data leakage incident:

• Met Police detectives were liaising with airport chiefs to work out how the USB drive, with a massive 2.5GB of data, ended up in the street.

• There were at least 174 documents. Some were marked as “confidential” or “restricted” – but could still be read.

In addition to mobility and potential to lose data, USB storage devices have been a preferred choice to get malware inside an organization’s network. Based on this post on ELiE website 48% of people would plug-in USB drives found in areas such as parking lots. Malicious software of any type can easily enter the corporate network thru non-sanitized USB drives. According to Wikipedia, the Stuxnet worm was introduced to targeted victim environment via an infected USB flash drive. Also this Dark Reading article mentions a study found that 70% of businesses had linked data breach incidents they suffered to USB memory sticks, where those incidents were almost equally split between drive loss and drive-borne malware situations.

7 easy tips on securing your data on USB

1. Opt for Hardware-Encrypted USB Drives: The most robust first line of defense is to acquire a USB drive with built-in hardware encryption. These drives encrypt all data written to them automatically, often requiring a PIN or password directly on the device itself. Unlike software encryption, which can sometimes be bypassed, hardware encryption is a more formidable barrier against unauthorized access, even if the drive falls into the wrong hands.

2. Employ USB Encryption Software: If you don't have a hardware-encrypted drive, software encryption is your next best friend. Tools like VeraCrypt or BitLocker (for Windows Pro/Enterprise) allow you to encrypt specific folders, partitions, or even entire USB drives. This ensures that even if the drive is lost or stolen, your data remains unreadable without the correct decryption key or password.

3. Implement Two-Factor Authentication (2FA) for Access: For highly sensitive data or when connecting to systems that contain such data, leverage Two-Factor Authentication (2FA). Some advanced USB drives and certain operating systems or applications can be configured to require a second form of verification (e.g., a code from an authenticator app, a fingerprint, or a physical security key) in addition to your password. This dramatically increases security by adding an extra layer that even a stolen password can't easily bypass.

4. Password-Protect Individual Documents and Archives: Beyond encrypting the entire drive, consider password-protecting critical documents or archives directly on the flash drive. Many applications, like Microsoft Office, allow you to set passwords for individual files. For collections of sensitive files, create password-protected ZIP or other archive files. This provides an additional layer of security, especially if you're sharing the drive with others but want to restrict access to specific content.

5. Maintain Regular Data Backups: The golden rule of data security applies equally to USB drives: always have a backup of your data. USB drives are susceptible to physical damage, loss, theft, and corruption. Relying solely on a USB drive for your critical data is a recipe for disaster. Regularly back up important files from your USB device to a secure cloud service, an external hard drive, or your main computer's storage.

6. Securely Delete Sensitive Data: When sensitive data is no longer needed on a USB device, simply deleting it or formatting the drive isn't enough. Standard deletion only removes the pointer to the data, leaving the actual information recoverable with forensic tools. Use secure data erasure tools that overwrite the data multiple times. This ensures that your sensitive information is irrecoverably removed from the device before disposal or reuse.

7. Utilize Secure Cloud Storage Alternatives: For ongoing data access and collaboration, consider whether a USB drive is truly the most secure or efficient method. Cloud storage services with robust encryption and access controls, like enterprise-grade solutions or well-known public cloud providers, often offer a more secure and manageable alternative for data sharing and storage. They reduce the risk of physical loss and provide audit trails for data access, aligning better with modern security best practices.

D. DRIVELOCK'S USB SECURITY SOLUTION

Native controls for devices found in operating systems are not adequate, not flexible, or both. Additionally, such controls bundled with some AV solutions cannot meet demanding business requirements today.

DriveLock offers next-generation endpoint protection solution called Device Control which is dedicated for controlling access to drives and devices connected to endpoints. The feature-rich solution helps businesses find a balance between data/endpoint protection and employee productivity. Let's see how.

• Extensive Coverage - Controlling all types of drives: flash drives, DVD/CD, FireWire, SD, etc., devices (printer, scanner, modem, biometric, etc.), smartphones (iOS, Android, Windows, etc.) as well as buses and controllers (serial, parallel, PCMCIA, SATA, etc.).

• Deeper Control - Great, flexible and granular control options including applying permissions based on users, group of users, computers, group of computers, time of the day, type of network connectivity (location), and much more. Drive whitelisting is extremely important, which is possible based on drive's vendor ID, product ID and serial number, as well as on other characteristics such as its size and its encryption status. File-type filtering is beneficial for both controlling data going outside corporate network, and for controlling what can come in (example, block MS Office documents from leaving and prevent executables from entering).

• Data & Endpoint Protection - Providing clear visibility on data transferred to and from storage devices via two-way file auditing and shadowing. File filtering can be used to block unknown and unwanted applications from entering which could be harmful and/or time wasting. Enforced encryption ensures no data leaves in clear format, thus maintaining confidentiality of our most important asset. Device and application whitelisting adds an important security layer, keeping out unknown and potentially dangerous devices such as key loggers.

Endpoint protection solutions are an extremely essential piece of any information security strategy. DriveLock adds great value with Device Control, but this is just one part of the wholistic solution which also includes:

• Application Control,
• Security awareness & Education,
• and more.

Interested in evaluating Device Control or any of DriveLock solutions?

Choose from our risk-free evaluation options - on-premise or cloud environment. Either way, one of DriveLock experts will happily help you through the process!