Removable Media & Cybersecurity

According to the United States Department of Commerce National Institute of Standards and Technology (NIST), a removable media device or portable storage device is:

“A system component that can communicate with and be added to or removed from a system or network and that is limited to data storage—including text, video, audio or image data—as its primary function (e.g., optical discs, external or removable hard drives, external or removable solid-state disk drives, magnetic or optical tapes, flash memory devices, flash memory cards, and other external or removable disks).”

Why are these portable hard drives, USB flash drives, memory cards, or other formats important to consider when it comes to cybersecurity? Because in business they are constantly used to share information among team members and that means that they also provide an easy way for data to be stolen or lost. And ease of use among employees means that they provide cybercriminals with a way of dispersing dangerous malware as well.

Considerations When Using

If you and your employees are using removable media, encourage them to remember the following:

• Keep the devices safe and secured when not in use
• Encrypt the devices for safeguarding data
• Have a backup of the information that you are storing, and keep it in a secure location
• Device failure can result; these devices are not often designed for long life spans
• Alert your IT provider to any lost devices
• Never use unapproved removable media on work equipment
• Keep personal information off removable media that is used for professional purposes
• Turn in all removable media when they are no longer being used or need to be wiped clean before reusing

If you  should find removable media devices, remember:

• DO NOT install the device into their machine
• DO NOT click on any links that you find on the device
• DO turn the device over to your IT provider for evaluation

These devices should be addressed with the same care and policies that a laptop or mobile phone is regulated with. A single record or bit of data can compromise a business if found or misused. Ensuring that your employees are aware of these risks will keep your business safe and secure from online crime!

‍