Thursday, October 28, 2010

Security Review: USB Flash Drives

Almost everyone knows what a USB flash drive is, and it would be extremely unusual for a college student not to have used one at some point or another. USB flash drives, which are so named because they write to flash memory and can be plugged into your computer’s USB port, offer a quick and easy way to store data. Because of their small size they are sometimes called “thumb drives,” and this small size makes them portable and convenient. Flash drives give users the ability to carry data with them wherever they go, and access their data wherever they have access to a computer. Flash drives have a variety of different storage sizes and come with many different features, making them valuable tools for business professionals, students, and any other type of computer user.

The USB drive itself is an asset, as well as all of the information that is stored on it. My USB drive is a valuable asset to me because it gives me the ability to easily store and transport my data. The information stored on my flash drive is valuable to me because it includes files that I need for classes and other important data that I want to save. Because the flash drive and the information stored on it are so valuable, it is extremely important that a USB flash drive is properly secured. As the owner of a USB flash drive, I want to be sure that the data that I store on my flash drive is confidential so that no one besides me will be able to see the files that I have saved on the flash drive. I also want the data on my flash drive to have integrity. Since I frequently use my flash drive to store homework and papers, I want to be sure that my work does not get unintentionally altered in any way. I also want to make sure that the files on my flash drive are available. It is important that the data I save on my flash drive is still there when I go to load my flash drive again.

For an attacker attempting to exploit a USB flash drive, the main goal would probably be to gain access to the information that is stored on it (disclosure). A hacker may also compromise the integrity of data stored on a flash drive by changing it. He or she could prevent the data from being available to its owner by deleting it or stealing the flash drive (or both!). Unfortunately there will always be these threats because there will always be people looking to steal information in any way that they can, and insecure flash drives give hackers a perfect opportunity to do this.

Insecure flash drives have a number of vulnerabilities. If a flash drive is not password protected, anyone who has the flash drive can load it onto their computer and view the files that it contains. If there is no data encryption, a hacker can read everything on a flash drive, effectively accomplishing the goal of disclosure. Once a hacker gets access to the files on an insecure flash drive it is usually pretty easy to change or delete them as well. Flash drives are also vulnerable because of their small size. It is easy to forget about a flash drive and accidentally leave it plugged into a public computer, where anyone could come across it. It is also easy for a flash drive to fall out of a pocket or purse. Flash drives are especially vulnerable in a business setting because of the type of information they contain. A survey conducted by SanDisk revealed that 25% of business people with a personal flash drive used it to store personal records, 17% had stored company financial information, and 13% stored employee data. 12% of people surveyed reported that they had found a personal flash drive in a public place, and 55% stated that they would look at the stored data if they found one.

It is easy to see how this could become a recipe for disaster. If a business person had an insecure personal flash drive that contained this kind of sensitive information in his or her pocket and it fell out at some point during the course of the day, it could easily be picked up by anyone that happened to come across it. An insecure flash drive can therefore put a company’s financial information, personal employee information, and the personal information of all of its customers at risk. These types of risks will always be present as long as such sensitive information is stored on personal flash drives. This kind of risk came into play recently when 2 Medicaid insurance companies in Pennsylvania discovered that a flash drive containing medical and personal records for 280,000 patients had gone missing from a corporate office. There is also the risk of a hacker putting harmful information onto a flash drive that could hurt the unsuspecting user’s computer when the infected flash drive is plugged in. This kind of risk was demonstrated in 2008 when a flash drive that contained malware was put into a laptop at a US military base in the Middle East. The malware spread to other computers and was able to retrieve data from these computers and send it to the hacker. This is described as one of the worst military breaches in history.

Although risks will still be present, a flash drive user can significantly mitigate risks by buying a flash drive with a variety of security features. Flash drives on the market today boast a myriad of these features. Some of these features include password protection, data encryption, fingerprint identification, keypads to enter a PIN on the outside of the drive, and antivirus software. Some even feature switches that change the flash drive to read-only (preserving integrity) and some have separate portions for protected data and unprotected data. Of course, an expert hacker could probably find a way to get past many of these features. Companies can mitigate the risk of important business information being leaked by establishing clear guidelines about when personal flash drives are allowed to be used by employees and what kind of information they are allowed to take. Some companies have even completely prohibited the use of personal flash drives or glued USB ports on computers shut so that employees can’t use them. A user could avoid the risks that come with using a flash drive by using other methods to store and transport data, such as email attachments or an external hard drive, but these methods come with risks as well. One could also just accept the risk, especially if there is no sensitive information stored on the flash drive.
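The integrity and availability goals described above can also be checked in software on a drive that has no read-only switch. The following is an added example, not part of the original post: it records a SHA-256 hash of every file on the drive and later reports files that were altered, deleted, or added. The function names and the temporary directory standing in for the mounted drive are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                # Read in 1 MiB chunks so large files do not fill memory.
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(full, root)] = digest.hexdigest()
    return manifest

def compare(baseline, current):
    """Report files altered, missing, or added since the baseline was taken."""
    return {
        "altered": sorted(p for p in baseline
                          if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def demo():
    """Constructed sample: a temporary directory stands in for the drive."""
    with tempfile.TemporaryDirectory() as drive:
        def write(name, data):
            with open(os.path.join(drive, name), "wb") as fh:
                fh.write(data)
        write("essay.txt", b"final draft")
        write("notes.txt", b"lecture notes")
        baseline = build_manifest(drive)             # taken while the drive is trusted
        write("essay.txt", b"final draft, changed")  # integrity problem
        os.remove(os.path.join(drive, "notes.txt"))  # availability problem
        write("unexpected.bin", b"constructed")      # file the owner never saved
        return compare(baseline, build_manifest(drive))

if __name__ == "__main__":
    print(demo())
```

Keep the baseline manifest somewhere other than the drive itself, since anyone who can change the files could also change a manifest stored beside them.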

I think that the best plan of action for flash drive users right now is to 1) limit the amount and type of sensitive information that is placed on a flash drive, 2) make sure that the flash drive is stored in a secure place, and 3) invest in a flash drive that incorporates security features such as the ones mentioned above. Some examples of secure flash drives are the IronKey, Corsair Survivor, Kingston DataTraveler Secure-Privacy Edition, and the SanDisk Cruzer Professional. These are just a few examples; there are many flash drives available today that offer a variety of different security options. Hopefully these flash drives will enable users to feel confident that the data stored on their personal flash drives is properly secure.

