Critical Intel: Three Steps to Preventing USB Data Breaches

In today's National Cybersecurity Awareness Month post, SolarWinds' VP of Product Management, Chris LaPoint, takes us behind the scenes of USB drive security awareness and ways to ensure mobile data remains secure. Chris has spent the last decade building IT management software, first as a software engineer, then as a technical evangelist and product manager at SolarWinds.


In the movies, USB drives are the tools spies use to easily tote around a secret list of global CIA operatives, or nuclear launch codes.  All of it highly secure, of course.

The problem is that USB drives are not necessarily secure, and life is not a Jason Bourne film.  In fact, USB drives are highly susceptible to malware and data loss due to, among other things, simple human error.

According to the Ponemon Institute:

  • 800,000 data-sensitive devices are lost or stolen each year
  • 74% of missing USB drives result from employee negligence
  • 65% of missing USB drives are not reported by the employee

Of course, public sector organizations need to be particularly careful that data stored on USB drives is kept safe.  There is no margin for error here; even the smallest breach can cause catastrophic results.  That’s why organizations such as the Department of Homeland Security are actively endorsing particular types of encrypted USB drives and auditing all mobile devices.

Beyond a full-scale audit, however, there are some simple steps that federal agencies can take to ensure USB security, including:

  1. Actively monitor and track network activity.  Breaches exhibit certain patterns.  For example, you may detect unusual after-hours activity on your network, or a higher-than-average number of login attempts to reach highly secure information.  Tracking LAN traffic can help IT teams pinpoint USB-introduced malware based on how it tries to access other ports or network hosts, allowing IT teams to contain the threat.  Simultaneously, the teams can prevent data from leaving the organization through the USB drive.
  2. Deploy a secure managed file transfer system.  USB drives are popular, but they’re certainly not the only easy-to-use storage solution.  Remember FTP?  It generally gets a bad rap for potentially being insecure, but it doesn’t have to be.  Managed file transfer (MFT) systems provide FTP with a high level of security while allowing employees to access files wherever they may be.  These web-based systems control access via virtual folders, and allow IT managers to actively monitor and control the data being accessed.  Also, MFT systems eliminate the need to store data on physical media, so information will no longer literally walk out the door.  In fact, you can shut off access to USB drives altogether, yet still provide employees with a simple and secure way of accessing information.
  3. Use a USB defender tool.  If you’re still set on allowing USB devices on your network, a USB defender tool is a must.  USB defenders can provide IT with a real-time alert whenever a USB drive is being used.  The usage can then be matched to network logs to correlate malicious attacks with USB use.  Defender tools can automatically block USB usage, disable user accounts, quarantine workstations and automatically eject drives.  This takes a massive load off the security-minded IT manager.
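
The correlation described in steps 1 and 3, as an added example that is not from the original post or from any SolarWinds product: it matches USB insert events against network flow records from the same workstation and flags an insert that is followed by connections to several distinct hosts or ports. The log formats, hostnames, serials, window and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (the line formats are assumptions, not a real product's).
USB_LOG = """\
2023-10-12T09:14:02 ws-114 jdoe usb_insert serial=CONSTRUCTED-0001
2023-10-12T22:41:10 ws-207 asmith usb_insert serial=CONSTRUCTED-0002
"""
NET_LOG = """\
2023-10-12T09:15:30 ws-114 10.0.5.20 443
2023-10-12T22:42:01 ws-207 10.0.5.21 445
2023-10-12T22:42:03 ws-207 10.0.5.22 445
2023-10-12T22:42:05 ws-207 10.0.5.23 445
2023-10-12T22:42:09 ws-207 10.0.5.24 3389
2023-10-12T23:30:00 ws-207 10.0.5.25 445
"""

WINDOW = timedelta(minutes=10)   # how long after an insert to watch the host
FANOUT_THRESHOLD = 3             # distinct destination:port pairs that raise an alert
BUSINESS_HOURS = range(7, 19)    # 07:00-18:59 local time; tune per site

def parse(log, fields):
    """Yield one dict per well-formed line, with the timestamp parsed."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == len(fields):  # skip malformed lines instead of crashing
            row = dict(zip(fields, parts))
            row["ts"] = datetime.fromisoformat(row["ts"])
            yield row

def correlate(usb_log=USB_LOG, net_log=NET_LOG):
    """Return one alert per USB insert followed by unusual fan-out from that host."""
    flows = defaultdict(list)
    for f in parse(net_log, ["ts", "host", "dst", "port"]):
        flows[f["host"]].append(f)
    alerts = []
    for ev in parse(usb_log, ["ts", "host", "user", "event", "serial"]):
        # Distinct targets the same workstation contacted inside the window.
        targets = {(f["dst"], f["port"]) for f in flows[ev["host"]]
                   if ev["ts"] <= f["ts"] <= ev["ts"] + WINDOW}
        if len(targets) >= FANOUT_THRESHOLD:
            alerts.append({"host": ev["host"], "user": ev["user"],
                           "serial": ev["serial"].split("=", 1)[1], "targets": len(targets),
                           "after_hours": ev["ts"].hour not in BUSINESS_HOURS})
    return alerts

if __name__ == "__main__":
    print(correlate())
```

On the sample data the daytime insert on ws-114 stays quiet, while the late-evening insert on ws-207 is flagged with four targets and marked after hours; the 23:30 flow falls outside the window and is not counted.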

USB drives may not exactly be the end-all storage solution that Hollywood would like us to believe – but they could certainly end all of the hard work that organizations have done to keep their information safe.  Organizations need to do everything they can to monitor, protect and defend that information, or risk having data corrupted or compromised.

If you’d like more information on solutions that can help defend against USB-related threats, check out SolarWinds’ security information and event management (SIEM) and MFT solutions.  Tools like these are essential to helping organizations control and secure their data, particularly in a world driven by personal, mobile devices.