Study Reveals Most People Will Plug in Random USBs

The findings from a recent study on USBs show that companies have to worry about end users compromising data. The study, conducted by the University of Illinois, found that most people will pick up a random USB stick and plug it into their computers without considering any security risks. To conduct this experiment, researchers dropped 300 USB drives all over the University of Illinois’ Urbana-Champaign campus. Luckily for the students and faculty who picked up the USBs, instead of malware, the devices contained an HTML file with an image that would let researchers know if the file was opened. The devices also contained a survey so researchers could find out if people were thinking about security risks before they plugged in the USBs.

The researchers found that at least 48% of people will pick up a USB stick, plug it into their computers, and then open files without considering any security risks. Most people weren’t concerned about finding malware on the USBs. The majority of people (68%) said they didn’t take any precautions before plugging in the USB. Most of the people who plugged in the USBs said they were trying to find the owners. However, even though some USB sticks had an easily visible resume file with contact details, almost 50% of users delved through folders containing vacation photos first. People said that they were operating altruistically because they wanted to return the USB devices, but curiosity got the better of half of them.

The University of Illinois study shows the importance of data protection at the workplace. Most people will pick up a random USB and plug it into their computers without taking any security precautions. If the USB contains malware, corporate networks could become compromised. Corporations also have to worry about employees storing confidential information on a USB drive and then accidentally losing it. Even if people want to return a lost USB, it is likely that they will be tempted by curiosity and go through files.

Enterprises can use the following methods to prevent data from becoming compromised by a USB:

  1. Encrypt USB Drives: Companies should make sure that the USB drives their employees use are encrypted and require a password to access corporate files. A password request will prevent people from going through files, even if they intend to find the owner of the USB.
  2. Make Ownership Visible: Employees should have their company address written on a tag outside the USB. This way finders won’t have to go through the USB’s contents to find out who it belongs to, and company data will remain protected.
  3. Monitor Networks: Companies can monitor their networks for malware and unauthorized programs. Employees might download malware through a stray USB, but a security monitoring program can pick that up and alert IT teams before data is compromised.

Promisec Endpoint Manager (PEM) offers both malware protection and cyber threat detection capabilities. PEM’s endpoint security software monitors for threats and remediates issues before they cause problems for the enterprise. PEM also lets security professionals correct issues remotely and automatically without requiring the use of any heavy endpoint agents. PEM’s built-in reports deliver detailed information to IT teams and executives, so companies can see where they need to address security gaps. PEM’s security threat detection and remediation capabilities allow for enterprise data protection and keep information safe even from curious end users.

Security steps and how to do them:

  1. Keep USB & PCI ports locked as a policy
     1. Use endpoint agents to lock the USB and PCI ports.
     2. Apply GPO to lock the USB and PCI ports.
     3. Use Promisec Agentless technology to lock the USBs and monitor that DLP/NAC/agents are actually locking the USBs.
  2. Monitor 24x7 for any breach in USB lock policy and get alerts
     1. Use Promisec Agentless technology to monitor 24x7 that no new USB device has entered any endpoint.
  3. Monitor 24x7 if your content is being used/copied by unauthorized users
     1. Use DLP and other content management agents on the endpoint.
     2. Monitor & manage Everyone share credentials with Promisec’s agentless technology on PCs and servers to make sure only authorized users can see relevant content.
     3. Monitor & manage the last logged-on user of the PC or server with Promisec’s agentless technology on PCs and servers to make sure only authorized users are logged on to the PC or server. Get immediate alerts on breaches.
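
One way to spot-check the USB lock and new-device monitoring steps above on a single Windows endpoint, as an added example (not Promisec's code and not part of the original post). It assumes the lock is applied through the USBSTOR driver start value or the removable-storage `Deny_All` policy, that "Audit PNP Activity" is enabled so Security event 6416 is logged, and that it runs elevated; the function names and the 24-hour window are illustrative.

```powershell
# Added example: audit the USB storage lock state and recent device arrivals
# on the local machine. Function names and the 24-hour window are assumptions.

function Get-UsbLockState {
    # USBSTOR Start = 4 means the USB mass-storage driver is disabled (3 = enabled).
    $svc = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' `
                            -ErrorAction SilentlyContinue
    # Deny_All = 1 is written by the Group Policy setting
    # "All Removable Storage classes: Deny all access".
    $pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices' `
                            -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        UsbStorStart   = $svc.Start
        DriverDisabled = ($svc.Start -eq 4)
        GpoDenyAll     = ($pol.Deny_All -eq 1)
    }
}

function Get-NewExternalDeviceEvent {
    param([int]$Hours = 24)
    # Event 6416: "A new external device was recognized by the system."
    $filter = @{
        LogName   = 'Security'
        Id        = 6416
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, MachineName,
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

$state  = Get-UsbLockState
$events = @(Get-NewExternalDeviceEvent -Hours 24)

$state | Format-List

if (-not ($state.DriverDisabled -or $state.GpoDenyAll)) {
    Write-Warning "USB storage is not locked by driver setting or GPO on $($state.ComputerName)."
}
if ($events.Count -gt 0) {
    Write-Warning "$($events.Count) new external device event(s) in the last 24 hours."
    $events | Format-Table -AutoSize
}
```

Event 6416 fires for any newly recognized external device, not only storage, so review the device class in the full event message before treating a hit as a policy breach.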