That awesome spreadsheet you keep on you isn’t the only thing your flash drive can carry. Removable media, or portable media, is a well-known source of malware infections and has been directly tied to the loss of sensitive information in many organizations. Malware can be automatically installed on portable media without any user interaction.
The goal for defining removable media use is important to minimize the risk of loss or exposure of sensitive information.
Removable media includes but is not limited to:
- Flash drives (Also known as USB sticks, Thumb drives, USB keys)
- Memory cards
- External hard drives
- Other portable media (floppy disks, zip disks, etc.)
The general best practice for removable storage is to only use brand new or known clean removable media on your computer. For work computers, these “safe” drives should only be used on computers that are owned or leased by the organization unless explicit permission of the organization is given.
Moreover, sensitive information should not be stored on removable media unless it is encrypted in accordance with acceptable encryption methods. Even while encrypted, sensitive information should only be placed on removable media if it’s absolutely necessary.
Flash drives are still incredibly popular. How does your organization view them? If you don't use flash drives, what removable media do you use?