Security Risks: When Users Fail to Wipe USB Drives


What do search warrants, W-4 forms, email exchanges with a stock broker, laboratory reports, safety documents and a nude selfie all have in common?

The answer: All were found on second-hand USB drives.

A study recently released by the University of Hertfordshire found that even when users attempt to erase personal information and other sensitive data from portable USB drives, they often fail to properly remove all images and documents.



To conduct their survey, researchers bought 200 used USB drives on eBay and at second-hand shops and auction stores. Of 100 devices from the U.S. and another 100 from the U.K., about two-thirds contained remnant data from the previous owner.

All this personal data can create a personal security nightmare because the information can be used for a variety of cybercrimes, including phishing attacks, identity theft and various extortion schemes, according to the study. Used USBs may also contain malware.

Inadequate Steps

When users attempt to remove or delete their data from a USB device before selling it, they're rarely successful, the small-scale study shows. In the case of the 100 USB devices from the U.S., only 18 were wiped clean using a data erase tool, the report found.

Of the remaining U.S. devices:

  • Eight were formatted, but data could be recovered "with minimal effort"
  • Some 64 of the USBs had data deleted, but it could easily be recovered
  • And for one of the USBs purchased, the user obviously had made no attempt to delete the data.

Among the U.S. USB drives, the researchers found six that could not be read using the tools that the team had available.


The U.K. devices didn't fare much better. The team found that 19 previous owners apparently had made no attempt to delete the data, while 47 devices had data deleted but researchers could recover it using various tools. Another 16 were formatted, but the data could still be found. Only 16 were properly wiped and one was encrypted.

About the only significant difference between the U.S. and U.K. devices was the type of information each contained. In the U.S., it was more common to find business documents on the USBs, while the U.K. devices contained more personal information.


The other jarring issue that the researchers note is that many of the tools that can properly wipe and clean a USB drive are readily available and, in most cases, free.
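Whether a drive falls into the "wiped" group or the "formatted" or "deleted" groups described above can be checked before it is sold. The following is an added example, not code from the study or the original article: it scans a raw drive image for sectors that are not blank fill and for a few well-known file headers. It assumes the erase tool writes zero or 0xFF fill (a random-data overwrite or an encrypted volume will show as non-blank), and the function names and sample images are constructed for illustration.

```python
import io

SECTOR = 512
# A few well-known file headers; a real audit would use a longer list.
SIGNATURES = {
    b"\xff\xd8\xff": "jpeg",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip/docx/xlsx",
    b"\x89PNG\r\n\x1a\n": "png",
}

def audit_image(stream, sector=SECTOR):
    """Scan a raw image sector by sector and summarise what is left on it."""
    total = nonblank = 0
    hits = {}
    while True:
        block = stream.read(sector)
        if not block:
            break
        total += 1
        # Blank = the whole sector is one repeated fill byte (0x00 or 0xFF).
        if block[0] in (0x00, 0xFF) and block.count(block[0]) == len(block):
            continue
        nonblank += 1
        for magic, name in SIGNATURES.items():
            if block.startswith(magic):
                hits[name] = hits.get(name, 0) + 1
    return {"sectors": total, "nonblank": nonblank, "signatures": hits}

def verdict(report):
    if report["nonblank"] == 0:
        return "wiped"
    if report["signatures"]:
        return "remnant files present"
    return "non-blank data present"

def audit_bytes(data):
    return audit_image(io.BytesIO(data))

def constructed_samples():
    """Constructed test images: a zero-filled drive and a 'formatted' one."""
    wiped = bytes(SECTOR * 8)
    formatted = bytearray(SECTOR * 8)
    formatted[0:3] = b"\xeb\x3c\x90"          # fresh boot sector written by format
    formatted[510:512] = b"\x55\xaa"
    formatted[5 * SECTOR:5 * SECTOR + 4] = b"\xff\xd8\xff\xe0"  # old JPEG left behind
    return wiped, bytes(formatted)

if __name__ == "__main__":
    for name, img in zip(("wiped", "formatted"), constructed_samples()):
        print(name, "->", verdict(audit_bytes(img)))
```

A "wiped" verdict covers only the sectors the host can read; flash controllers keep spare blocks that a host-side scan cannot see, which is one reason encrypting the data from the start is the stronger control.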

Enterprise Lessons

In general, USBs, whether new or used, pose serious security risks.

Back in 2017, the loss of one USB drive that contained highly sensitive data related to Heathrow Airport cost the company that owns the airport a fine of £120,000 ($155,000), after a government watchdog investigated. An employee lost the device, which was then found on the street by a pedestrian. That data was not password protected or encrypted, a report found.

To mitigate USB-related risks, IBM banned USBs and other portable storage drives from its corporate network in 2018 and told employees to use the company's cloud-based system instead if they wanted to share documents or review data outside work.

But despite the risks, USBs remain ubiquitous, especially at trade shows.

At the recent RSA Conference in San Francisco, numerous companies passed out and used USB drives, Mukul Kumar, the CISO and vice president of cyber practice at Cavirin, a Santa Clara, California-based security company, tells me.

"There were far too many USBs given out, and I'm not sure how many 'security' companies checked these for malware before loading their collateral," he says.

The use, or misuse, of USB drives is a two-fold security problem, Kumar says.

"There are two separate issues. The first is the data on the drives, and the second is potential malware," Kumar added. "Though there have been a few high-profile examples of companies restricting access - IBM is an example - the majority of enterprises still don't maintain this level of control over their employees' desktops, to their own peril. Smaller organizations, less able to recover from a breach, are probably the most vulnerable."

Meanwhile, if you're determined to continue using USBs, Kumar urges an obvious step: Encrypt the data.

