2. To understand the risks and to know how to use the removable media devices safely and responsibly in an organization. 3. To understand the risk involved in using removable media
SEC 101 – SECURITY AWARENESS 1-2
WHAT IS REMOVABLE MEDIA ?
Removable media can be thought of as a portable
storage medium that allows users to copy data to it and then take it off site, and vice versa. It presents itself as a convenient, cost effective storage solution that is available in many different size capacities and form factors, with differing transfer speed capabilities. Removable media can take many forms:
SEC 101 – SECURITY AWARENESS 1-3
• USB Drives (Pen Drives, Portable Hard Drives). • Backup storage for files on PCs, laptops and servers • Smartphones, music players and similarly • Additional storage space for PCs and laptops equipped handheld devices • A bootable Live Operating System A bootable installation media such as Windows and • SD Cards Linux • Optical Media (CDs, DVDs, Bluray) •There are many reasons why removable media might be required in your business environment, and there are valid • Legacy Media (T) reasons why you might allow such devices on your network. • As you can see, removable media encompasses However, as with most technologies, there are risks a large group of storage technologies, which is involved. The following information will seek to detail the why some people have difficulty understanding potential risks, as well as some techniques that will help you what is meant by the term. Adding to some of to minimize your company’s risk of exposure to the dangers that are associated with removable media. This information this confusion is the function that removable needs to be passed onto your users via the following media serves. There are a few different methods, with which we go into more detail towards the end applications for removable media, including: of the article. They are:
SEC 101 – SECURITY AWARENESS 1-4
Initial user training and IT policy explanations Periodic refreshers A concerted ongoing awareness campaign from the IT department Newsletters and company-wide email reminders
SEC 101 – SECURITY AWARENESS 1-5
WHAT ARE THE RISKS INVOLVED W/ USING REMOVABLE MEDIA ?
There are many advantages to using
removable media, chief among which is the quick and convenient means by which users can copy, transfer and backup data. This same ease of use and convenience is part of the problem with Data Security Malware Infections removable media, however, as malware and Copyright Infringement viruses are able to easily replicate and distribute Hardware Failures themselves to unprotected removable storage devices that are not write-protected. Here are some other risks that removable media can expose your company to, if not managed properly:
SEC 101 – SECURITY AWARENESS 1-6
Data Security Any time that an employee copies sensitive data to removable media such as a thumb drive or CD, there is a risk of that data being It is important to remember that once a device is accessed by unauthorized personnel. One such no longer in your possession, you have no control case occurred in 2012 when a detective in over the data or who has access to it. Confidential Manchester, England had his house burgled. His information can then be transmitted to other USB stick containing the details of over 1000 parties, or posted online for all to see. There are some devices and software applications that individuals relating to investigations was stolen encrypt data on your device or media, giving you during this incident. Greater Manchester Police an added layer of protection in the event of your was then fined over £120,000 ($155,000 at today’s device getting lost or stolen. exchange rate) following an investigation of the incident. So we can see that there are real financial implications for such occurrences because of the seriousness of data security breaches.
SEC 101 – SECURITY AWARENESS 1-7
Malware Infections Malicious software, or malware, is a major problem for modern businesses. Malware is able to spread via removable media, and it is risky to use such Media Failure media if the source cannot be identified .One such Removable Media is inherently risky as a primary example is a recent study that has shown that as many storage solution, and for many reasons. Due to the low cost as half of the USB sticks that are picked up in parking and high production quantities of the different media types and devices, some may have shorter life spans than others. It lots of business properties are then plugged into the is therefore really important for users to understand the user’s computer once they get inside their offices. This importance of storing sensitive, important and confidential means that any malicious software that is on the USB information safely and securely on the organization’s file drive can then infect the company network. Rewriteable server or NAS device. This is so that in the event of media CDs, DVDs, and BluRays are all capable of delivering failure, loss, theft or damage, then the data that is lost on the a malicious payload if autorun is enabled on a desktop media is at least backed up to another source. PC, laptop or server, so having an up to date antivirus application is essential for businesses to ensure the continued safety of their network.