The ever-present risk of removable media.
Remember when Palm Pilots and USB thumb drives were all the rage? Those were the days. Mind you, that was also when removable media became a serious threat—one still present to this day. But, of course, the last time I saw someone use a thumb drive, the Spice Girls were at the top of the charts, and Jason Bourne was just old enough to order his first beer.
So, what’s changed? Size and opportunity. In short, the threat has escalated due to the amount of data that can go missing, and connectivity is now virtual. As file sizes and types grow, so does the removable media meant to store it. External hard drives are now measured in terabytes, memory cards can hold thousands of files, and mobile phones, cameras and other mute-media devices can sync and go via connection or cloud at a moment’s notice.
Now, addressing the topic of external drives can be oddly nebulous. Storage has continuously increased, and that will never change. It remains in lock step with the media sizing‚there isn’t much more to say. But opportunity—that’s where things continue to evolve.
As we all know, the ability to connect remotely has presented cyber security challenges from day one. But, previous to 2020, most organizations still viewed remote connectivity as a novelty, relegated to travelling salespeople and the occasional contractor. Now, remote workers are the norm, and keeping a watchful eye on what they do behind closed doors is critical to maintaining security protocols.
To be clear, I’m not talking about the actual remote connection. That is for another day. Instead, I am referring to how removable media now plays a significant role in workflow and associated local storage. For example, many solutions now enable remote cache capabilities—built to address latency issues when working on large files. And whether that’s video and image production houses requiring remote editing capabilities to software engineering forms that need remote coding—whatever the vertical market, people are storing lots of data on remote media.
The problem is the fate of these remote drives, cameras, etc. For one, where the drive is stored or located at any given time should keep most IT people up at night. But, after all, put aside the nefarious nature of data breaches, the unfortunate reality of human nature is more common. I, for one, can’t remember where I left my car keys half the time. Apply that forgetful nature to a five+ terabyte drive filled with corporate data or code, and more significant problems arise.
We’ve also heard the horror stories of stolen files from cars, backpacks, etc. But, again, a file folder is minuscule in proportion to a drive that can hold the entirety of an organization’s mission-critical files.
But that’s not all. For one, malware can be introduced when sharing removable media. And depending on the prowess of certain criminals, data exfiltration can happen with the introduction of malicious code. And let’s not forget Autorun/Autoplay features—hackers love to leverage this functionality, setting malicious code to run automatically.
The good news is there is a solution for managing portable media. For one, I suggest developing a solid policy for all mobile devices—one that is easy to implement and easily managed. An excellent place to start is by encrypting all information stored on portable devices and ensuring a process is established and tested for wiping all devices before repurposing or recycling.