USB technology is widely used and you’d be hard-pressed to find an organization that doesn’t utilize USB devices in some way, shape, or form. However, these devices often harbor unexpected threats that could put the security of your entire infrastructure in jeopardy. All it takes is one infected device to compromise your network. Do you know where your USB devices have been?Since USBs are prized for their portability, they can be used for a myriad of purposes. USB flash drives or hard disk drives can be used to transport files, both compactly or in bulk. Many keyboards and computer mouses operate with USB technology these days. That’s not even mentioning the plethora of USB dongles that are used to connect other devices to your computer.
Now, imagine this scenario. An employee finds a USB drive on the ground and, curious to find out what’s on it, plugs it into their company-issued workstation. They might do this to make sure that good technology isn’t just left lying around, or maybe their curiosity just got the best of them. Either way, the files on the device could contain executable malware that can threaten your business. In many cases, the user might not even be aware that malware has been installed on the computer, and it can spread viruses or install trojans that allow for remote access at a later date.
In fact, there’s been a recent report from May 2016 of a $10 USB device that’s capable of logging keystrokes on wireless Microsoft keyboards and transmitting the signals over a wireless frequency. Whitehat hacker Samy Kamkar built it out of a USB phone charger, which is so commonplace these days that nobody would think twice about seeing it plugged into the wall of your office. The threat of these types of devices is so significant that the FBI saw fit to issue a statement warning professionals of their dangers. While no attacks have been found in the wild, it’s still best to take the warning to heart and apply it to your own cyber security practices.
The root of the problem–the theft of data before it reaches its destination–extends well beyond Microsoft wireless keyboards, too. Any wireless device that sends signals that aren’t encrypted could potentially be intercepted by hackers using similar techniques. This method can be used to harvest data that could lead to the theft of personally identifiable information, login credentials, or financial credentials. It’s not unlike a hacker intercepting data over an unsecured wireless Internet connection.
Is your business prepared to handle these outside-the-box threats? All it takes is one mistake to expose your company’s data to those who would do it harm. In instances like this, you should make a policy that any and all devices your employees want to use should first go through your organization’s security protocol. This will help ensure that the devices are not threats to your critical infrastructure. Emphasize that your organization should only be using encrypted data storage devices whenever possible, and you can’t go wrong.
For more information about how to keep your business safe, contact us at 604.931.3633.