You might not know the answer to that question until it’s too late. Unfortunately, the most common response to finding a USB drive is to plug it in. Virus-writers count on that response when they design the latest malware threats.
Network World discusses the way the Stuxnet worm has exploited this vulnerability.
Many companies have focused on the worm’s ability to spread via USB flash drives. Malicious programs spreading through such infected devices have become a major problem for corporations, because of employee curiosity. In penetration tests conducted by Leviathan Security, 8 out of 10 employees that found a USB drive plugged it into a computer. All of those workers then went on to open up a spreadsheet labeled “LayoffNotice.xls,” says Frank Heidt, CEO of Leviathan.
“You can tell your people, ‘Hey, don’t plug in USB sticks into your network,’ but that is antithetical to human nature,” Heidt says.
One way to combat this problem is to restrict unknown USB devices from your network and only allow devices with built-in antivirus protection. Kanguru includes integrated malware protection as a standard feature on all new secure flash drives. The network restrictions can be easily managed with Group Policy or one of the many Endpoint Security products now on the market.
Data Security, Malware, Portable Storage
The Exemplas blog picks up on a recent SC Magazine story:
We were intrigued to find out the results of a recent survey of dry cleaners today. Yes, that’s right, dry cleaners. How on earth could that possibly be of interest to us at Exemplas, you cry? Well, because of one nugget of information that leapt out at us - more than 17,000 USB sticks were left in items of clothing deposited at the dry cleaners in 2010!
The survey canvassed more than 500 dry cleaners and launderettes in the UK and found that USB sticks continue to turn up where they don’t belong.
Data Security, Portable Storage
The Dept of Health and Human Services is stepping up enforcement of HIPAA privacy laws by handing out new fines against two violators.
From Government Computer News:
HIPAA requires health plans, health care clearinghouses and most health care providers to protect the privacy of patient information through administrative, physical and technical safeguards.
After an investigation by OCR, the agency found Mass General in violation when an employee left documents relating to 192 patients on a subway train. The documents, which were never recovered, included information on patient names, dates of birth, medical record numbers, health insurers and policy numbers, diagnoses and name of providers for 66 of those patients. HHS discovered the loss after a patient reported the records lost on March 9, 2009.
Mass General was fined $1 million for this violation. Imagine how many USB flash drives and other portable devices get lost in subway trains, taxis and other public places every year. With HHS handing down stiff penalties, it’s time to consider security plans for these devices.
Data Security, Healthcare, Portable Storage
It might be on a flash drive owned by a government employee and it probably isn’t encrypted.
KATU has the story of a lost flash drive containing social security numbers for about 300 Oregon Dept of Corrections employees. It’s not clear whether the Dept had a security policy in place regarding portable storage. These incidents are preventable with the right combination of technology and security policies.
Data Security, Portable Storage
Don’t let an unsecure flash drive cause business disruption, productivity loss, revenue loss, and fines.
Recent events in the news have demonstrated the ease with which portable devices can be used to steal confidential data.
Avoid your own personal Wikileaks by securing your USB flash drives. Kanguru’s secure flash drives and remote management capabilities provide excellent protection against data leaks.
The Kanguru Defender Elite coupled with the Kanguru Remote Management Console (KRMC) gives CIOs and CISOs an unprecedented level of control over their flash drives. Data breaches can be prevented with features such as:
Remote Disable/Delete – Remotely disable or delete devices compromised by rogue employees to protect sensitive information and prevent data breaches.
Domain/IP Control – Restrict drive usage to approved domains & IP ranges and prevent unauthorized use in external networks.
Offline Restrictions – Control whether devices can be used offline. Prevent unauthorized use in external networks.
Auditing and Reporting – KRMC enforces a full audit trail with detailed graphical reporting and the ability to export both customizable audit logs and graphs for external analysis to ensure proper compliance.
Data Security, Financial, Government, Portable Storage
Dark Reading summarizes the annual threat report from PandaLabs. Virus writers were hard at work in 2010 and many of them were focused on stealing banking and financial data.
Banker Trojans still dominate the ranking of new malware that appeared in 2010 (56 percent of all samples), followed by viruses and worms. A relative newcomer to the malware landscape, rogueware (fake antivirus software) now comprises 11.6 percent of all the malware gathered and has been given its own category.
Find out more about how Kanguru can protect your organization from USB-borne viruses and malware.
Data Security, Portable Storage
UPI is reporting on a story from South Korea’s Yonhap News Agency, which has all the ingredients of a great mystery plot: Secret battle plans, a missing USB flash drive and a potential cover-up.
“The military unit, the DSC and ministry of defense were all informed of the case but never took action,” a source said in the Yonhap report. “It (the drive) contains confidential information on national security, but nobody knows where it is.”
The story lacks detail, but it’s not a stretch to believe that a large organization has no idea where its IT assets are. This is a common problem.
Kanguru’s Remote Management Console solves this issue for USB flash drives. Administrators can view exactly when and where each device is being used. The moment that a drive is reported missing, an automatic delete or disable command can be issued from the console.
Data Security, Government, Portable Storage
The loss of portable devices is gaining more attention as companies strive to balance security concerns with user productivity. Last week, a group of experts gathered to discuss laptops in particular.
Intel on Thursday brought together a panel of technology security experts to discuss the findings of a recent survey it sponsored, entitled, “The Billion Dollar Lost Laptop Problem.” Conducted by Ponemon Institute, the survey gathered data from 329 organizations that have lost a total of more than 86,000 laptops worth a combined $2.1 billion in the past year. Forty-six percent of these systems contained confidential data, but 70 percent lacked basic precautions including encryption, back-up and anti-theft technology.
The numbers are similarly scary for portable storage devices like USB flash drives. While these drives are extremely convenient for employees, the data stored on the drives needs to be protected.
Members of the panel pointed out two key areas for improving security. One was implementing security controls that don’t require user intervention. When implementing encryption, it should be seamless and automatically enforced. Another method of improving security is to include a remote kill or disable technology, so that lost devices can be locked down and kept from leaking data. Making these features standard in portable devices will go a long way toward preventing future data breaches.
Data Security, Portable Storage
German IT distributor, OPTIMAL System-Beratung, was overwhelmed by visitors’ interest in the Kanguru Defender Elite at the it-sa security convention in Nuremberg, and the local press is beginning to take notice as well.
“The experts were particularly interested in the virtual operating system and enterprise-wide management of the sticks,” said Bert Rheinbach, managing director of OPTIMAL System-Beratung.
Read more:
Cartoon explains the most secure USB Stick in the world, Elektronik Praxis (German)
How the most secure USB flash drive in the world works, CRN.de (German)
Data Security, Portable Storage
Data breaches that expose confidential medical data are costing healthcare providers $6 billion a year. SC Magazine reports on a new study by the Ponemon Institute and the results are not good.
The top three causes of breaches were unintentional employee action, lost or stolen computing devices and third-party accidents. The average number of lost or stolen records per breach was 1,769.
The survey found that breaches have cost the U.S. health care system $12 billion over the past two years. The economic impact of a data breach was approximately $2 million per organization over a two-year period.
Expect the number of records per breach to increase as portable devices continue to grow in capacity and shrink in price. Employees may have good intentions when they take the entire database home with them, but data breaches often result when a car is broken into or a thumb drive slips out of a pocket. Healthcare organizations need a policy for securing USB devices and it needs to be enforced automatically.
Data Security, Healthcare, Portable Storage