Be Cyber Aware: USB Sticks

This article is one in a series about raising cyber awareness in an organisation. We visit a number of organisations through our data walks and often discuss the use of USB sticks with staff. We are told that they are not allowed, yet we see them in use during the walk. A verbal/written policy is not the same as prevention and detection. This article discusses methods for detecting USB use and why detection matters.

USB sticks have traditionally been used for storing data, either for transfer or for backup. However, as organisations have moved to the cloud and started providing online storage in recent years, there is less need for them. The role of USB sticks in data breaches is well known and documented, as they are easily lost or corrupted.

Data Security - Unauthorised USB devices can be used for data theft, malware distribution, or unauthorised data transfers. Detecting and preventing USB usage helps safeguard sensitive information and prevents potential security breaches. A former head teacher was fined for unlawfully obtaining children's personal data from previous schools where he worked: https://www.forbessolicitors.co.uk/news/45012/head-teacher-fined-for-breach-of-dpa

Malware - USB devices can be carriers of malware.  By monitoring USB activity and controlling access, you can minimise the risk of malware infections spreading throughout the organisation's network.

Endpoint Protection: An endpoint is any device (which includes a laptop, phone, tablet or server) connected to a secure organisation/business network. When you connect to a network you are creating a new endpoint.

Every endpoint is a point of entry for a cyber attack.

A lot of organisations that we speak to have a verbal/written policy for not allowing USB sticks, and this should be part of the organisation's Acceptable Use Policy. However, a policy on its own means that it is still possible for a member of staff to use one, or for anyone in the building to use one, and if the server is unlocked and in a communal area then the server and network are open to a cyber attack.

Consider Endpoint Security Software for help in controlling the use of USB sticks. Such software can enforce policies that allow or restrict USB access based on predefined rules, such as whitelisting approved devices or blocking unknown ones. This means that it will block a USB stick that it does not recognise, but will allow the organisation's iPads/mobile devices to be connected for information retrieval.
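
One way to check whether a "no USB sticks" rule is actually being followed on a Windows machine, as an added example that is not part of the original article: Windows records each USB storage device it has seen under the USBSTOR registry key, and this PowerShell script lists those devices and flags any whose serial number is not on an approved list. The allowlist path and its one-serial-per-line format are assumptions made for illustration.

```powershell
# Added example: audit USB mass-storage devices this Windows machine has seen
# and flag any whose serial number is not on an approved list.
# ASSUMPTION: the allowlist path and its format (one serial per line, lines
# starting with '#' ignored) are hypothetical; use your own record of issued devices.
param(
    [string]$AllowlistPath = 'C:\ProgramData\UsbAudit\approved-serials.txt'
)

# Windows keeps one subkey per device model here, with one subkey per device instance.
$usbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'

# Load approved serials, normalised to upper case (empty list if no file exists yet).
$approved = @()
if (Test-Path -LiteralPath $AllowlistPath) {
    $approved = @(Get-Content -LiteralPath $AllowlistPath |
        ForEach-Object { $_.Trim().ToUpperInvariant() } |
        Where-Object { $_ -and -not $_.StartsWith('#') })
}

if (-not (Test-Path -LiteralPath $usbStorKey)) {
    Write-Output 'No USB storage devices are recorded on this machine.'
    return
}

$report = foreach ($model in Get-ChildItem -LiteralPath $usbStorKey) {
    foreach ($instance in Get-ChildItem -LiteralPath $model.PSPath) {
        # Instance key names look like "<serial>&0"; strip the trailing index.
        # Devices with no hardware serial get a Windows-generated ID (second
        # character is '&'), which is only meaningful on this one machine.
        $serial = ($instance.PSChildName -replace '&\d+$', '').ToUpperInvariant()
        $props  = Get-ItemProperty -LiteralPath $instance.PSPath -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Device   = $props.FriendlyName
            Model    = $model.PSChildName
            Serial   = $serial
            Approved = $approved -contains $serial
        }
    }
}

# Unapproved devices sort first so they are the first rows a reviewer sees.
$report | Sort-Object Approved, Device | Format-Table -AutoSize
```

The registry shows devices that have been connected at some point, so this is a detection aid only; blocking unknown devices still needs endpoint security software or physical controls.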

Physical security measures could also be considered such as securing/blocking computer ports, using tamper-evident seals or employing locked cabinets (especially for servers) to prevent unauthorised access to USB ports.

Password gathering: While it is well known that malware and viruses can easily be delivered using a USB stick, given that they can execute code without any commands being entered, it should also be considered that they could be used for gathering password information. Many staff have several passwords to remember and so will use both Windows and, for example, Chrome to remember the passwords automatically; this information can also be stolen using USBStealer, which is a Windows-based password hacker tool. Staff generally rely on Windows day to day to store a large portion of their credentials, such as passwords, login IDs and secret keys. Further information about how this works can be found in the GB Hackers Password Hacking article (please note the article is for educational purposes only).

Consider viewing our Information & Cyber Security Best Practice Library for advice and guidance around best practice.  

Data Protection Education offers Making the Rounds (data walks), in which one of our consultants visits your organisation. During the visit they view where the server is kept and best practice around computer use, alongside normal data protection processes. Email us for more information.

What to do in the event of a cyber attack?

Tell someone!  Report to IT. Report to SLT. 

Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off.

If you are a victim of a ransomware attack, we would recommend reporting this to Action Fraud (https://www.actionfraud.police.uk/) as well as to your data protection officer so they can advise about the data loss. Most cyber crimes like these will also need to be reported to the ICO by your data protection officer.

Isolate the infected device and pass it to IT.

Always ensure there are backups you can restore from.

Little Guide to ACTION FRAUD