Removable storage media are data storage media which, as their name would indicate, can be transferred from one computer to another. They will typically be optical discs, such as CDs or DVDs, but they can also be external hard drives, memory sticks, and more. Because of their portability, these storage media can represent a security breach for your network.
Some malware specialises in spreading themselves by USB sticks or external hard drives. Generally speaking, it uses Windows “autorun”. This automatically executes an application when the stick or hard drive is connected.
Although Microsoft changed the default behaviour when it released a patch, meaning that the ‘autorun’ should no longer be activated by default, it is recommended to take care when using memory sticks:
The theft of files or information can be facilitated by the use of removable storage media. Make sure you block USB ports and optical readers on your workstations. This will not prevent leaks over the Internet, so it would also be of use to consider DLP – Data Leakage Prevention.
It is sometimes possible to find this type of storage media lying around. Sometimes, simple human curiosity drives us to collect these tools and to look at what’s inside. Or if we are in a rush, we might be tempted to take the first storage media that we come across. But this can end badly: some USB keys can easily transform themselves into ‘USB Killers’ – a tool causing a powerful electrical discharge when inserted into a machine. You should, therefore, draw up an IT charter or internal instructions stating that the hardware used must be familiar to the person using it.