Updated: Jun 7, 2024

Preventing Data Loss Through USB Drives


USB storage devices are ubiquitous in organizations. Flash drives, external hard drives, and memory cards provide users with a convenient way to copy, store, and share data. However, these devices can also present risk to an organization’s sensitive data from careless and malicious users.

For example, attackers may target “curious” users through USB Drop Attacks where USB sticks containing malware are mailed to organizations or simply left on the ground near an organization’s headquarters.

Malicious insiders often use portable storage devices for data exfiltration. In a 2022 report by Ponemon, 50 percent of the respondents reported that malicious insiders used unauthorized external storage devices like USB drives to steal data. Examples are quite simple to find:

  • The UK’s Information Commissioner’s Office fined Heathrow Airport £120,000 over a lost USB memory stick that held unencrypted personal information on Heathrow security personnel.
  • An IT employee at a UK nuclear complex was fired after she left several memory sticks containing classified information in a car park at the facility. She claimed the unencrypted software was necessary to allow her “work at home on her own computer after managers locked away official unencrypted USB drivers by 4.30pm for security reasons.”
  • An IT technician in Japan left work with two USB drives containing personal information on all 460,000 citizens of the city of Amagasaki. Unfortunately, after a long night of drinking at a local izakaya, he awoke in the morning without the drives. A frantic search located the drives days later.


What Can Organizations Do?

Security and IT professionals recognize the risk to sensitive data through uncontrolled use of these devices. Managing this with legacy DLP solutions can be challenging. Determining which users can access and move which classes of data using granular rules requires constant oversight and adjustments. This is difficult for large organizations and puts undue demands on mid-sized organizations with smaller security teams.

However, with the right DLP solution there are simple strategies organizations can adopt to protect against the loss of sensitive data via USB storage devices.

1. Device Control: Look for a solution that can enforce control over USB storage devices by implementing policies that allow or restrict their usage. Administrators can define rules to allow only authorized USB devices or block specific types of devices altogether. This prevents unauthorized or potentially malicious USB devices from being connected to the system.

2. Content Inspection: Use a solution that can scan the data being transferred to USB storage devices to detect or block the transfer of sensitive or confidential information. To be effective, this should not require pre-classification of data. Real-time inspection and classification – as used in Reveal – classifies data as it is created and used.

3. Behavioral Analysis: At times, data transfers to USB devices are legitimate. Rather than requiring granular rules that result in inevitable false positives (and false negatives!), some DLP solutions can employ behavioral analysis techniques to identify unusual or suspicious activities. For example, if a user suddenly starts copying a large volume of sensitive data to a USB device or if they attempt to transfer abnormal file types, it may trigger alerts or actions to prevent potential data theft.
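The three strategies above, combined into one policy check over a stream of USB write events, as an added example that is not Reveal's code or any vendor's implementation. The device identifiers, classifier patterns, byte threshold and sample events are all constructed for illustration.

```python
import os
import re
from collections import defaultdict

# Hypothetical policy values, constructed for this example.
AUTHORIZED_DEVICES = {"0781:5583:SN-CORP-0001"}          # vendor:product:serial allowlist
ABNORMAL_EXTENSIONS = {".pst", ".vhd", ".7z"}             # file types unusual for USB transfer
SENSITIVE_BYTE_LIMIT = 5_000_000                          # per-user sensitive volume before alerting
CLASSIFIERS = {                                           # content inspection at transfer time
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "CONFIDENTIAL": re.compile(r"\bCONFIDENTIAL\b"),
}

def classify(content: str) -> set:
    """Real-time classification: label data as it is written, no pre-classification needed."""
    return {label for label, rx in CLASSIFIERS.items() if rx.search(content)}

def evaluate(events):
    """Apply device control, content inspection and a volume baseline to USB write events.
    Each event: user, device_id, filename, size, content.
    Returns one verdict dict per event; 'block' outranks 'alert' outranks 'allow'."""
    sensitive_bytes = defaultdict(int)   # running sensitive volume per user (behavioral baseline)
    results = []
    for ev in events:
        block, alert = [], []
        if ev["device_id"] not in AUTHORIZED_DEVICES:          # 1. device control
            block.append("unauthorized device")
        labels = classify(ev["content"])                       # 2. content inspection
        if labels:
            block.append("sensitive content: " + ",".join(sorted(labels)))
            sensitive_bytes[ev["user"]] += ev["size"]
            if sensitive_bytes[ev["user"]] > SENSITIVE_BYTE_LIMIT:   # 3. behavioral: volume
                alert.append("sensitive volume above baseline")
        if os.path.splitext(ev["filename"])[1].lower() in ABNORMAL_EXTENSIONS:  # 3. file type
            alert.append("abnormal file type")
        verdict = "block" if block else "alert" if alert else "allow"
        results.append({"file": ev["filename"], "verdict": verdict, "reasons": block + alert})
    return results

# Constructed sample events (not real data).
SAMPLE_EVENTS = [
    {"user": "alice", "device_id": "0781:5583:SN-CORP-0001", "filename": "agenda.docx", "size": 20_000, "content": "Team meeting agenda"},
    {"user": "alice", "device_id": "0951:1666:SN-UNKNOWN", "filename": "notes.txt", "size": 1_000, "content": "lunch list"},
    {"user": "bob", "device_id": "0781:5583:SN-CORP-0001", "filename": "hr.csv", "size": 3_000_000, "content": "name,ssn\nJ Doe,123-45-6789"},
    {"user": "bob", "device_id": "0781:5583:SN-CORP-0001", "filename": "mail.pst", "size": 100_000, "content": "archived mail"},
    {"user": "bob", "device_id": "0781:5583:SN-CORP-0001", "filename": "plan.txt", "size": 3_000_000, "content": "CONFIDENTIAL roadmap"},
]

if __name__ == "__main__":
    for r in evaluate(SAMPLE_EVENTS):
        print(r)
```

The last event shows the behavioral layer firing on cumulative volume rather than on any single rule, which is the case granular per-file rules miss.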

How Reveal Helps

Next Reveal can distinguish between authorized and unauthorized USB devices to prevent users from mounting unauthorized USB drives that may contain malware and prevent users from copying sensitive information to unauthorized devices. In turn, administrators receive alerts when new devices are discovered, including CDs, DVDs, SD Cards, cameras, printers, wireless, and gaming devices.

Real-time content inspection and classification on the endpoint identifies sensitive data such as intellectual property, PHI, and PII as it is created and used, blocking unauthorized users from moving it to USB-enabled devices while still allowing files to be transferred locally. AI and machine learning on the endpoint allow Reveal to make faster decisions, train employees, and stop data loss.

Importantly, Reveal helps educate users to make better decisions by providing incident-based training. Pop-ups reinforce corporate security policies and can require acknowledgement of corporate policies or block actions.

Want to learn more? Contact the data loss prevention experts at Next and see how easy it is to implement Reveal.



See how Next protects your employees and prevents data loss