10 Best Security Practices for Removable Media and Devices
Removable media gives users convenience when it comes to accessing personal or business data on the go. USB flash drives are one of the most popular removable media devices used today and as the use increases, so do the associated risks. Hackers tend to go after popular devices and search for possible ways to install malware. Using these devices will increase the risk of data loss, data exposure, and there is an increased chance of network-based attacks.
1. Encrypt your data: Encryption of stored data, file systems, and across-the-wire transfers is essential to protect sensitive data as well as to help prevent data loss due to equipment loss or theft.
2. Use digital certificates to sign all of your sites: You should obtain your certificates from a trusted Certificate Authority, and instead of saving your certificates on the Web server, save them to hardware devices like routers or load balancers.
3. Implement a removable media policy: Devices like USB drives, external hard disks, external DVD writers, or any writeable media facilitate security breaches coming into or leaving your network. Restricting the use of those devices is an effective way to minimize security threats.
4. Implement DLP and auditing: Be sure to use data loss prevention and file auditing to monitor, alert, identify, and block the flow of data into and out of your network.
5. Use a spam filter on your email servers: Using a time-tested spam filter such as Spam Assassin will remove unwanted emails from entering your inbox and junk folders. It is important that you identify junk mail even if it’s from a trusted source.
6. Secure websites against MITM and malware infections: Start using Secure Sockets Layer (SSL) which creates a secure connection between a user and server, over which any amount of data can be sent securely. Through SSL, you’ll be able to scan your website daily for malware, set the Secure flag for all session cookies, as well as use SSL certificates with Extended Validation.
7. Use a comprehensive endpoint security solution: Using antivirus software alone is not enough to provide defense against today’s security threats. Go for a multi-layered product to prevent malware infections on your devices.
8. Network-based security hardware and software: Start using firewalls, gateway antivirus, intrusion detection devices, and monitoring to screen for DoS attacks, virus signatures, unauthorized intrusion, and other over-the-network attacks.
9. Maintain security patches: Make sure that your software and hardware defenses stay up-to-date with new anti-malware signatures and the latest patches. If your antivirus program doesn’t update on a daily basis, be sure to set up a regular scan and a remediation plan for your systems.
10. Educate your employees: As simple as it sounds, this might be the most important non-hardware, non-software solution available. An informed user will more likely behave more responsibly and take fewer risks with valuable company data resulting in fewer threats to your organization.
Conclusion
Using removable media, like a flash drive, can be dangerous within an organization because the malware can bypass the security solution deployed at an organization’s network perimeter. USB drives are the best ways for hackers to exfiltrate sensitive data from an organization and are more difficult to detect. Each time a removable media device is used, there is a possibility that a computer may become infected.