USB Memory Sticks is the great security risk
The primary risks associated with USB memory sticks can be identified as:
Virus Transmissions - Data sharing opens up an avenue for viruses to propagate
Corruption of data - Corruption can occur if the drive is not unmounted cleanly
Loss of data - All media is susceptible to data loss
Loss of media - The device is physically small and can easily be misplaced
Loss of confidentiality – Data on the lost physical media can be obtained by others
Virus Transmissions
Whenever files are transferred between two machines there is a risk that viral code or some other malware will be transmitted, and USB memory sticks are no exception. Some USB memory sticks include a physical switch that can put the drive in read-only mode. When transferring files to an untrusted machine a drive in read-only mode will prevent any data (including viruses) to be written to the device. If files need to be transferred from an untrusted machine, the only countermeasure is to immediately scan the memory stick before copying files from it.
Corruption of Data
If the drive is physically lost or uncleanly unmounted, then data loss can occur. Physical loss is covered in the next section and corruption can usually be prevented. USB memory sticks differ from other types of removable media, such as CD and DVD-ROMs because the computer usually has no way of knowing when USB memory sticks are going to be removed. Users of USB memory sticks usually need to alert the computer that they intend to remove the device, otherwise the computer will be unable to perform the necessary clean-up functions required to disconnect the device, especially if files from the device are currently open. The OS will attempt to handle unexpected disconnects as best it can, so often no corruption will occur. However, it is still advisable to research the preferred method for unmounting the device according to the OS documentation.
Data loss
Although most USB memory sticks have no moving parts and thus are considerably less prone to mechanical wear than their older and larger counterparts, loss of data can still be an issue. Aside from mechanical failure, data can be lost by accidental erasure, or overwritten. No write capable media device is immune to this risk. The best safeguard against loss of data is frequent and proper backups, as with any other media type. Because of their propensity for physical loss USB memory sticks are best suited as intermediary storage, so it isn't advisable to store the only copy of an item on the memory stick.
Medis loss
Data loss can occur if the memory stick is physically lost. Untethered drives are most at risk of being physically lost because their lightweight nature allows them to slip out of pockets unnoticed. To protect against physical loss of the device, it’s advisable to have the device tethered to something, preferably a keychain. Some devices have lanyard-style tethers, but use these with caution as the lanyard may only tether the drive cap and not the drive itself, which leaves the drive at risk of falling away unnoticed. Drives tethered to a keychain are less likely to be permanently lost because they are attached to another item that the user has presumably already learned not to lose.
Confidentiality loss
Perhaps the greatest benefit of the USB memory stick is also its greatest security risk. Because of its convenient small physical size and large logical size compared it predecessor, the floppy disk, more data can find its way to the USB Memory stick. Some of this data is likely to be confidential and becomes a risk if the media is lost. An executive who uses a memory stick to transfer a customer database from his desktop to laptop could potentially subsequently lose the memory stick. If the stick then finds its way into the hands of a competitor, then the company has suffered a much greater loss than simply the replacement cost of the memory stick. In a similar scenario, if a healthcare professional loses a memory stick containing patient records, then there are legal liability issues associated with HIPAA regulations.
No comments:
Post a Comment