Data Security -Unauthorised USB devices can be used for data theft, malware distribution, or unauthorised data transfers. Detecting and preventing USB usage helps safeguard sensitive information and prevents potential security breaches. A former head teacher was fined for unlawfully obtaining children's personal data from previous schools where he worked: https://www.forbessolicitors.co.uk/news/45012/head-teacher-fined-for-breach-of-dpa
Malware - USB devices can be carriers of malware. By monitoring USB activity and controlling access, you can minimise the risk of malware infections spreading throughout the organisation's network.Endpoint Protection: An endpoint any device (which includes a laptop, phone, tablet or server) connected to a secure organisation/business network. When you connect to a network you are creating a new endpoint.
Every endpoint is a point of entry for a cyber attack.
A lot of organisations that we speak to have a verbal/written policy for not allowing USB sticks and should be part of the organisation's Acceptable Use Policy. This means that it is possible for a member of staff to still use one, for anyone in the building to use one, and if the server is unlocked and in a communal area then the server and network are open to a cyber attack.
Consider Endpoint Security Software for help in controlling the use of USB sticks. They can enforce policies that allow or restrict USB access based on predefined rules, such as whitelisting approved devices or blocking unknown ones. This means that it will block a USB stick that it does not recognise, but will allow the organisation's iPads/mobile devices to be connected for information retrieval.
Physical security measures could also be considered such as securing/blocking computer ports, using tamper-evident seals or employing locked cabinets (especially for servers) to prevent unauthorised access to USB ports.
Password gathering: While it is well known that malware and viruses can easily be delivered using a USB stick, given they can execute code without any commands being given, it should also be considered that they could be used for gathering password information. Many staff have several passwords to remember and so will use both Windows and for example, Chrome, to help automatically remember the passwords; this information can also be stolen using a USBStealer which is a Windows Based Password Hacker tool. Generally staff will use Windows to store a large portion of its passwords on an everyday schedule such as passwords, login ids and secret keys. Further information about how this works can be found in the GB Hackers Password Hacking article (please note the article is for educational purposes only).
Consider viewing our Information & Cyber Security Best Practice Library for advice and guidance around best practice.
Data Protection Education offers Making the Rounds (data walks) with one of our consultants who visit your organisation. During the visit they would view where the server is kept and best practice around computer use, alongside normal data protection processes. Email
What to do in the event of a cyber attack?
Tell someone! Report to IT. Report to SLT.
Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off.
If you are a victim of a ransomware attack we would recommend reporting this to Action Fraud: https://www.actionfraud.police.uk/ as well as your data protection officer so they can advise about the data loss. Most cyber crimes like these will also need to be reported to the ICO by your data protection officer.
Isolate the infected device and pass to IT
Always ensure there are backups you can restore from.