USB drives go by many names — flash drives, USB pens, USB sticks — but one thing they seem to share is being completely innocuous. Individuals and businesses rely on them every day to commute files between home and work, or between work computers. USB drives are so ubiquitous that we scarcely think twice about plugging one in. But should we?
The reality is that USB drives can pose a major cybersecurity risk. In this article, we’ll explore the pros and cons of using USB drives in a workplace setting, and whether it’s worth ditching this trusty technology for something more modern, and ultimately safer for your business’ data.
USB drives and businesses
USB drives have been arguably the most popular form of portable storage for the past 20 years or so. From the days when 128MB would set you back half a month’s salary, today’s USB drives are an extremely fast, portable and cost-effective way of moving even large files. With storage sizes in the hundreds of gigabytes, and compatibility with almost every device, USB drives are a familiar part of the tech landscape for many businesses.
Despite most physical media becoming more or less obsolete over the past few years, USB drives persist for a few reasons. One is the benefits they offer when transferring large files. With many of us not being blessed with fast internet (either at home or at work), USB drives are often the quickest way to transfer large files such as projects or media between one computer and another, particularly with the advent of USB 3.0.
USB drives are also widely supported, with most devices featuring a USB connector, or having the option to use a USB adaptor. The popularity and longevity of USB drives also means that they are familiar and easy to use for most people: you simply plug it in, and the folder often opens itself, giving you immediate access to the files you need. Finally, they offer a quick and immediate increase in storage capacity, allowing you to free up space and improve performance on your computer, particularly laptops with smaller hard drives.
Despite this, a number of large organisations have begun to ban USB drives, particularly in the tech industry. Arguably the start of this trend was IBM’s ban in 2018, which extended beyond USB drives to all forms of removable media, including formats such as SD cards. Despite USB drives having legitimate uses, IBM decided that the human risk factor was too great, and many of their peers have since followed suit.
What are the risks posed by USB drives?
What many people don’t realise is that USB drives can pose a serious security risk. This doesn’t mean that they are inherently dangerous; indeed, many people use them every day with no ill effects. The problem is that they provide a backdoor into the secure environment of a business’ IT systems. If you have been using a USB drive on a computer infected with malware, that drive can then pass that malware on, and start a chain reaction.
Think of it in the familiar terms of a pandemic. Your office computers will generally exist on what’s known as a local area network, or LAN. This connects the computers and other devices (e.g. printers) together, allowing them to pass data between each other. The LAN is like a secure office environment, where only uninfected people can enter and talk to each other. Anyone wishing to enter that secure environment has to pass a kind of screening to ensure they aren’t infected.
What a USB drive represents is a potential infection vector. It’s like going into work when a friend you saw at the weekend has fallen ill. You might not be infected, but you do present a risk of infection. When you plug a USB drive into a computer, that infection could then spread across the LAN or WLAN to other devices, and infect them as well. Before you know it, the entire network and all of its devices have been compromised, putting data at risk or putting them out of action entirely.
A common tactic of cybercriminals is to leave infected USB drives near workplaces, in the hope that somebody will pick one up and plug it in to find out what’s on it. Doing so can render many of the usual precautions against viruses and other malware useless. Malware executed from a USB drive can include things like ransomware, which locks away files or entire devices until you pay a ransom fee; or keyloggers that record the passwords you input, and use them to gain access to your online accounts.
As well as the cybersecurity risks posed by plugging in USB drives, they also lack built-in security features. While USB drives can be encrypted to protect the data held within, most people do not know how to do this, or simply neglect to. This means that if you lose a USB drive containing work documents – easily done given their size — whoever finds that could gain access to sensitive data, constituting a serious data breach.
Alternatives to USB drives
The good news is that there really isn’t any reason to use USB drives anymore, at least within a business setting. Viable alternatives exist that negate most of the advantages of USB drives, providing a high level of accessibility, security, and convenience. Here are just of the few alternatives businesses can adopt to phase out the use of USB drives:
Enterprise file sharing
The best way to share files between systems on different networks is an enterprise storage solution. While this may involve cloud file sharing, the ‘enterprise’ distinguishes it from consumer file sharing solutions such as Dropbox or Google Drive. Many of these exist in enterprise formats as well, making this particularly confusing!
The most obvious differences between an enterprise and consumer file sharing solution are generally the level of security they offer, and the ability to deploy across a variety of mediums, from public cloud to private cloud to on-premise servers. This level of control allows you to closely track where and how data is stored, dictate how data is accessed, and keep a record of who has accessed what and when.
Enterprise storage will generally provide a high bandwidth (for simultaneous file transfers), a high number of active accounts, and a large amount of storage space. All of this will usually be packaged in an easy-to-use software environment, with apps for different devices (e.g. phones) to quickly and safely transfer files. All of this makes it far safer and more transparent than the alternatives — and an ideal replacement for USB drives.
Document collaboration software
A similar alternative to enterprise file sharing is document collaboration. Services such as Google Drive, Microsoft 365 and Microsoft SharePoint allow users to collaborate on various types of documents; and in the case of SharePoint, on internal websites. Instead of sharing different versions of a document around, users can simultaneously access a single copy of the document, which updates in real-time, and tracks the changes made to it.
Document collaboration software is ideal for files such as word documents, spreadsheets and presentations, largely thanks to how it tracks version histories. As well as logging the changes made by each user, you can scroll back through the changes made to a file, and revert to an older version. While it’s less useful for larger files such as media, it’s still a great way to organise documents — though not without caveats around data security, as data breaches to Google Drive in 2017 and 2018 demonstrated.
If all else fails, there’s nothing wrong with emails. While emails pose some security risks – you might accidentally forward a sensitive email or file to someone, or include them in a CC – using common security protocols allows emails to be sent safely without being intercepted by bad actors, and stored in encrypted form on remote servers.
The major downside of email compared to the other methods is organisation. Emails are a means to send messages, not a means to organise data, so files can very easily be lost track of. A file you were supposed to delete might exist on an email server for years without you realising, buried in a lengthy email chain – and version histories are a nightmare to keep track of.
USB drives still have a place in the modern world, but for businesses increasingly looking to improve data security and transparency, they represent an untenable risk. By switching to an enterprise file sharing or file collaboration solution, either based in the Cloud or locally, you can share files without compromising your cybersecurity.
Sota is one of the UK’s leading independent IT companies, providing professional IT support in Kent, cloud computing, cyber resilience, connectivity, and unified communications. Having worked with countless businesses over the years, they are experts in their field, ready to advise and offer tailored solutions for each and every company.