What you need to know about the Security Risks of using a USB drive

What kinds of security problems can USB drives cause?

USB drives, which are sometimes called "thumb drives," are cheap, small, and easy to find.

Because of this, they are a popular way to store files and move them between computers.

But the things that make them strong also appeal to people who want to attack them.

When attackers plug USB drives into other computers, they can spread malware to them. Malware can tell when a computer is connected to a USB drive. The malware then

downloads the bad code and puts it on the drive. When the USB drive is plugged into

another computer, malware is sent to that computer.

Some attackers have also gone straight for electronic devices, like photo frames and USB

drives, infecting them while they were still being made. When people buy infected

products and plug them into their computers, malware is put on their computers.

Attackers could also directly get information from a computer using their USB drives. If a

hacker can physically get into a computer, they can use a USB drive to get sensitive

information. Even computers that have been turned off could be at risk the memory

stays active for a few minutes after the power has been turned off. If an attacker plugs a

USB drive into the computer during that time, they can quickly reboot the system from the

USB drive and copy passwords, encryption keys, and other sensitive information from the

computer's memory onto the drive. It's possible that the people whose computers were

attacked don't even know it.

The most obvious security risk with USB drives, though, is that they are easy to lose or

steal. If the data wasn't backed up, losing a USB drive could mean losing work hours, and it

might not be possible to get the data back. And if the information on the drive is not

encrypted, anyone who has the USB drive can see all of the information on it.

How can you keep your files safe?

You can protect the information on your USB drive and any computer you plug it into by doing the following:

Don't put a USB drive in your computer that you don't know. You should give a USB drive to the right people if you have one (the security staff at a location, the IT department at

your company, etc.). Do not plug it into your computer to see what's on it or who owns it.

Make the most of safety features. Use passwords and encryption to keep your data safe

on your USB drive, and make sure you have a copy of the data in case you lose your drive.

Don't mix up the USB drives you use for work and fun. Don't use your USB drives

on computers that belong to your company, and don't plug USB drives with company

information onto your computer.

Disable Autorun. The Autorun feature opens CDs, DVDs, and USB drives automatically

when they are put into a drive. By turning off Autorun, you can stop a USB drive with

malicious code from automatically opening when you plug it in.

Use security software and keep it updated, and make sure that all software is up to date. Use

a firewall, antivirus software, and anti-spyware software to make your computer less

vulnerable to attacks. Keep the virus definitions up to date (see Understanding Firewalls for

Home and Small Office Use and Recognizing and Avoiding Spyware for more information).

Also, keep the software on your computer up-to-date by applying any needed patches (see

Understanding Patches and Software Updates for more information).