Removable storage devices, such as USB flash drives, portable hard drives or memory cards, are another part of our daily lives, almost as essential as a computer or mobile phone, but at the same time so small and discreet that we do not pay them the level of attention and security they require. How many times have we heard someone ask for a USB or hard drive to be able to share a file, that latest report or a whole collection of materials for a colleague who has just join the project?

These types of practices can have undesirable consequences if we do not take the appropriate security measures, such as infecting the corporate network with some type of malware . This infection could be unintentional when sharing a USB between colleagues without knowing that it contains a malicious file, or it could be part of a deliberate attack against the company, such as in the case of gifts that connect to the network or warshipping . For this reason, those removable devices that are promotional or that we are not sure whose hands they have been through before, should not be us in the workplace under any circumstances, and much less ‘us’ in a corporate computer.

Each organization must have

Apolicy on the use of external storage devices , known to all employees, which indicates, among other things, whether their use is permitt or not, and if it is permitt, what type of information can or cannot be stor on them.

The main risks of using these devices are loss, access to the information contain by unauthoriz persons or infection by malware . Below we show a series of measures to avoid possible security incidents:

In the event that we are going

To store sensitive or confidential information on an external device, we must always use properly protect corporate hard drives and USB drives with the appropriate security measures, as establish in the policy for the use of external storage devices, encrypting the information, storing them in safe places and informing the IT department of any incident that may occur, such as theft or loss of the device.
We must take special care with the highly sensitive information that we handle in our organization, and add additional security freequently ask questions measures to prevent this information from being stolen or misappropriat, by blocking the USB ports on computers that contain this type of information.

 

freequently asked questions
If we use a personal device ( BYOD )

To store non-confidential information (for example a corporate presentation, manuals or instructions for a product or service to show to a client, etc.), for security reasons, we must have the authorization of the technical manager and apply the same snbd host protection measures establish in the organization for corporate devices, complying with the policies for the use of these mia (encryption, secure deletion , etc.).
Set periodic password changes for device access and control read and write permissions.
Perform frequent scans to detect any type of malware .
Register external devices us within the company by means of an inventory that includes an identifier for each one, periodically checking their physical location and content, and preventing unregister devices from connecting to any computer in the organization.

Whenever possible, verify that devices are secure and up

To date in a test environment.
Use solutions call DLP or Data Loss Prevention .
Train employees to ensure proper use of these devices. Prevention and common sense are the main keys to avoiding a security incident due to misuse.
Another aspect to which we must pay special attention is the elimination of the information contain in this type of device, since it is very common to adb directory use the operating system’s deletion commands to eliminate them without performing any additional action. However, it cannot be consider a form of secure deletion because the information is not completely eliminat, since with the appropriate tools it is possible to recover data from a formatt device or files after emptying the recycle bin.

 

By rfgzsdf

Leave a Reply

Your email address will not be published. Required fields are marked *