Lecture

LESSON 3:
REMOVABLE MEDIA

SEC 101 – SECURITY AWARENESS

Lesson Objectives:

1. To understand the use of removable media.

2. To understand the risks and to know how to use the removable media devices
safely and responsibly in an organization.
3. To understand the risk involved in using removable media

SEC 101 – SECURITY AWARENESS 1-2

WHAT IS REMOVABLE MEDIA ?

Removable media can be thought of as a portable

storage medium that allows users to copy data to it and
then take it off site, and vice versa. It presents itself as a
convenient, cost effective storage solution that is available
in many different size capacities and form factors, with
differing transfer speed capabilities. Removable media
can take many forms:

SEC 101 – SECURITY AWARENESS 1-3

• USB Drives (Pen Drives, Portable Hard Drives).
• Smartphones, music players and similarly
equipped handheld devices
• SD Cards
• Optical Media (CDs, DVDs, Bluray)
• Legacy Media (T)
• As you can see, removable media encompasses
a large group of storage technologies, which is
why some people have difficulty understanding
what is meant by the term. Adding to some of
this confusion is the function that removable
media serves. There are a few different
applications for removable media, including:
SEC 101 – SECURITY AWARENESS
• Backup storage for files on PCs, laptops and servers
• Additional storage space for PCs and laptops
• A bootable Live Operating System
 A bootable installation media such as Windows and
Linux
•There are many reasons why removable media might be
required in your business environment, and there are valid
reasons why you might allow such devices on your network.
However, as with most technologies, there are risks
involved. The following information will seek to detail the
potential risks, as well as some techniques that will help you
to minimize your company’s risk of exposure to the dangers
that are associated with removable media. This information
needs to be passed onto your users via the following
methods, with which we go into more detail towards the end
of the article. They are:
1-4
 Initial user training and IT policy explanations
 Periodic refreshers
 A concerted ongoing awareness campaign from the IT department
 Newsletters and company-wide email reminders

SEC 101 – SECURITY AWARENESS 1-5

 WHAT ARE THE RISKS INVOLVED W/
USING REMOVABLE MEDIA ?

There are many advantages to using

removable media, chief among which is the quick
and convenient means by which users can copy,
transfer and backup data. This same ease of use
and convenience is part of the problem with  Data Security
 Malware Infections
removable media, however, as malware and  Copyright Infringement
viruses are able to easily replicate and distribute  Hardware Failures
themselves to unprotected removable storage
devices that are not write-protected. Here are
some other risks that removable media can expose
your company to, if not managed properly:

SEC 101 – SECURITY AWARENESS 1-6

Data Security
Any time that an employee copies
sensitive data to removable media such as a thumb
drive or CD, there is a risk of that data being It is important to remember that once a device is
accessed by unauthorized personnel. One such no longer in your possession, you have no control
case occurred in 2012 when a detective in over the data or who has access to it. Confidential
Manchester, England had his house burgled. His information can then be transmitted to other
USB stick containing the details of over 1000
parties, or posted online for all to see. There are
some devices and software applications that
individuals relating to investigations was stolen
encrypt data on your device or media, giving you
during this incident. Greater Manchester Police
an added layer of protection in the event of your
was then fined over £120,000 ($155,000 at today’s
device getting lost or stolen.
exchange rate) following an investigation of the
incident. So we can see that there are real financial
implications for such occurrences because of the
seriousness of data security breaches.

SEC 101 – SECURITY AWARENESS 1-7

Malware Infections
Malicious software, or malware, is a major
problem for modern businesses. Malware is able to
spread via removable media, and it is risky to use such Media Failure
media if the source cannot be identified .One such Removable Media is inherently risky as a primary
example is a recent study that has shown that as many storage solution, and for many reasons. Due to the low cost
as half of the USB sticks that are picked up in parking and high production quantities of the different media types
and devices, some may have shorter life spans than others. It
lots of business properties are then plugged into the
is therefore really important for users to understand the
user’s computer once they get inside their offices. This
importance of storing sensitive, important and confidential
means that any malicious software that is on the USB information safely and securely on the organization’s file
drive can then infect the company network. Rewriteable server or NAS device. This is so that in the event of media
CDs, DVDs, and BluRays are all capable of delivering failure, loss, theft or damage, then the data that is lost on the
a malicious payload if autorun is enabled on a desktop media is at least backed up to another source.
PC, laptop or server, so having an up to date antivirus
application is essential for businesses to ensure the
continued safety of their network.

SEC 101 – SECURITY AWARENESS 1-8