USB flash drives and ports can be a security risk based on a number of cases. Users should be aware of the security risks to ensure their safe use in order to protect University assets.
Source of Malware
USB drives can become a vector (method) for infecting systems with unwanted applications such as virus, Trojans, worms, and key loggers. To prevent infecting your devices and other university systems, do not insert USB drives from unknown sources. A common way used by criminals to get into a system is to leave infected USB drives laying around in the hope of being found by unsuspecting users. These victims typically will attach these USB drives to their systems to determine what is on them without realizing that their system is being infected.
Protect Sensitive Information
USB devices are easily lost, do not put sensitive information on unprotected devices. University policy requires sensitive University data that is put on a USB to be encrypted. If lost, the information on an encrypted USB drive is kept safe. The Information Security Office provides 4 GB LOK-IT Encrypted Drives available to faculty and staff. If you require one, send a request to firstname.lastname@example.org.
If a university owned USB drive is lost or stolen, report it to the Information Security Office and indicate what type of information was contained on the drive and if the drive was encrypted.
Keep your Computer updated with patches and anti-malware.
Be sure your operating systems, applications and anti-malware is kept up-to-date. This helps prevent malware from taking advantage of vulnerabilities on your computer whether it is from an infected USB drive or another source. It is also wise to disable the auto run feature on your systems which allows applications to start automatically when you plug in a USB.
Be aware of hardware keyloggersAnother method of malicious activity includes a “hacker” plugging in a USB device on a targeted computer that is designed to collect keystrokes from a keyboard.
|Hardware Keylogger||The typical use of a keylogger is to harvest user names a passwords used by anyone using the computer; this gives the “hacker” a way of stealing your passwords in order obtain access to computer systems or websites that may have sensitive personal or institutional information. To guard against this, check for USB devices that have been plugged into your computer systems without your knowledge.|