Removable media can store and transfer a lot of data and information which may be sensitive or confidential, meaning it creates many more risks for a business.
What are the risks?
- Loss of information is the device is misplaced or stolen, which compromises the confidentiality of the information
- Introduction of malware, which can infected removable media and any computers it connects to
- Information leakage and reputation damage as a result
- Financial loss from the stored data’s value or penalties if sensitive information is lost
How can the risk be managed?
- Produce corporate policies: This will outline processes and solutions to control the use of removable media
- Limit the use of removable media
- Scan all media for malware
- Audit media holdings regularly: Removable media should be formally issued by the organisation
- Encrypt the information held on the media
- Lock down access to media drives: secure baseline build should deny access to media drives (including USB ports) by default, and only allow access to approved devies
- Monitor systems: detect and react to unauthorised use of removable media
- Manage the reuse and disposal of removable media
- Educate users and maintain their awareness on risks and company policies