Do You Trust Your USB Stick?

Despite evolving so rapidly in its few years of existence, the concept of mobile data storage is still relatively novel. So much so that many people don’t perhaps realise the risks a seemingly harmless USB stick could carry.

Yes they are convenient. They are easy to transport and easy to plug in; easy to lose and easy to load with whatever malicious code or viruses one fancies. Which is all the more reason not to trust them. Even leaving your own USB stick unattended could have disastrous consequences, should it fall into the wrong hands.

The Computing Technology Industry Association (CompTia) decided to conduct a simple test. They distributed 200 USB sticks around high-traffic public spaces across the US, and then monitored them to see how many were picked up and plugged into a computer.

A worrying 17% – that’s one in five – of the USB drives were plugged into a laptop or computer, without the finders having any idea about what was stored on them. Once the sticks were plugged in, a request for information would appear on the computer screen. Most people responded to these requests.

The primary focus of this experiment was to demonstrate just how easily cybersecurity could be compromised in the workplace. Not only were people readily trusting of the rogue USB sticks, they chose to plug them in at work. Thus seriously jeopardising their company’s cyber security as well as their own.

CompTia also surveyed 1,200 fulltime workers who use computers on the job. The survey revealed that 58% of employees relied on USB-based storage devices to transfer files across devices, and 35% had borrowed another person’s USB stick to copy or transfer a file.

It also suggested that Millennials are the most likely generation to pick up a USB storage device found in public. Which given their higher computer literacy, the lack of regard for security threats is perhaps even more concerning.

The lesson here then is for companies to take cyber security very seriously, and to train all employees in security literacy, policy and procedure. They are after all the first line of defence and so must be able to take more responsibility for themselves and their devices.