OIS Security Bytes: USB Drives

UNC’s Office of Information Systems will be posting bite-size IT Security tips for our users (formerly Tip of the Month). As IT security concerns become more a part of our everyday life, awareness is one of our best allies. For more information, contact your local IT Support or chat with us at help.med.unc.edu.

OIS Security Bytes: USB Drives click to enlarge USB Security - Raise your awareness
OIS Security Bytes: USB Drives click to enlarge USB Risks - Protect yourself

USB DRIVES

 OIS Security often receives USB drives that are found in classrooms, in public computers, or simply on the ground. These are problematic for at least two reasons:

 1)   Users are saving sensitive information to USB drives in non-protected files. This violates UNC IT Security policies and opens the user and the University to both legal and financial consequences (not to mention the person whose information is inadvertently made public). Duke University Health System recently had an unencrypted thumb drive stolen: http://www.wral.com/patient-info-stolen-from-duke-health-office/13936465/ necessitating public notification and a dedicated call center. If you require sensitive data be on a USB drive (or if you would like to be proactively cautious), we suggest the use of Hardware Encrypted USB solutions: Kingston DataTraveler Vault Privacy; IronKey; Kanguru Defender; Aegis Secure Key; Imation Secure+; or Integral Crypto Drive.

 2)   Found USB Drives may be infected with a virus or can be purposely configured to download a malicious program onto any computer the USB drive is plugged into. Opening unknown files from unknown sources puts both your computer and all other computers on our shared network at risk. If you find a lost USB drive, please contact the help desk to turn it in.

 Below, please find links to US-CERT (United States Computer Emergency Readiness Team) suggestions on USB Drive use as well as UNC’s Information Security Policy Summaries which discuss sensitive data storage, transfer, and destruction.

http://www.us-cert.gov/ncas/tips/ST08-001

http://help.unc.edu/help/information-security-policy-summaries/