Tech Talk: Users Using USBs


(Amy) #1

Do you lock down your USB ports in your environment? I was reading an article that a USB was found outside of Heathrow Airport in London that included at least 174 documents, some of which were marked as “confidential” or “restricted,” and it reminded me that the bad guys are everywhere, including inside our own organizations.

If you don’t have them locked down, how do you secure your confidential information for your organization?

On the other end of the spectrum, would your users plug in a mystery USB stick into their machine if they found it laying around, and it looked like it held interesting information?

Prior to KnowBe4, I was a network administrator, and while I did everything possible to harden the network to intrusion, my organization had to leave the USB ports active in the user’s machines and it was something that was of constant concern. IT and security teams have to trust that their users won’t plug in anything malicious to their networked machines, and also
be trusted not to copy confidential information they have access to.

Run your own USB Drive Test:
KnowBe4 USB Drive Test
Video: How to run a USB Drive Test
Free USB Security Test Quickstart Guide


(Borg Xaeus) #2

Yes, I lock them. There’s a special security program of Korean design that does that very well and for the workstations not having it the lock-down is configured from the anti-virus.

Confidential information cannot be accessed even if you steal documents, because they are encrypted by a manner similar to the ones used by ransomware, so practically if you somehow get a document you cannot read it outside the company. The software offers the possibility of forced decryption but that is doable as a 2-way system and only the administrator can generate the decryption key based on a key requested officially by the user.


(Todd) #3

We currently do not lock down our USB Ports. Our Anti-Virus does have the feature to lock them down, but until I run a KnowBe4 USB Test to get a better idea, I will leave them unlocked. After the USB test, I will most likely begin to limit some users until I get a rollout of allowable USB drives.

But since we are really increasing our security and awareness for 2018, I am sure the users are going to be :angry: :slight_smile:


(Ryan Lear) #4

We don’t lock down the USB but we do disable auto run and, even though signature scans are not super effective, all USB drives that are installed are automatically scanned for viruses. We also have an endpoint solution deployed that monitors suspicious activity on the pc and stops it. To top it off we have egress rules in place at the client and the network to keep evil actors from calling back home.

My big concern with USBs is with printers. USB printing is pretty much a standard feature on enterprise printers these days and there seems to be very little we can do in the way of managing the key once it is plugged in to the printer.