User Tools

Site Tools


USB sticks

Key points:

Encrypt USB drives before storing data on them

If you are going to store information on a USB stick (perhaps as a backup), either use a USB stick with hardware encryption, or else encrypt the drive before you store the information on it.

That way, if you lose the drive, or it is stolen, the finder or thief cannot access the information on it.

If you want to transfer files to someone else, use a file transfer platform instead

Use an alternative whenever you can, such as a file transfer platform.

Don’t put your USB stick in someone else’s computer

No, this is not a euphemism.

You have no idea what security might (or might not) be in place on the other computer, whether it is infected by a virus or dormant ransomware, and so on.

If you absolutely have to transfer something to someone else’s computer via USB (perhaps because the files are just too large to transfer via a file transfer platform in a convenient manner, or else you are in a situation with no Internet access):

  • wipe your memory stick first, using your computer’s disk formatting tools
  • put on it only the file you need to transfer
  • transfer it to the other computer
  • if the file is sensitive, use the other computer’s disk formatting utility to do a secure wipe of the USB stick (so that, if you lose it before you can destroy it, it's harder to access the file which was on it
  • take the stick back and destroy it physically: hit it with a hammer until you can see the memory chips on the circuit board, and then break those chips

It’s not kind to the environment, but the price of small USB sticks makes them disposable.

Don't trust anyone else's USB sticks

Even if it is coming from your friend, or a trusted colleague, do you know what security they have on their computer? Do you know what state their anti-virus protection is in?

Get them to transfer you the file some other way, and take precautions when opening it.

Do not take free USB sticks from conferences

Don't use USB sticks given away at events. If you need a USB stick for something, buy one from a vendor you trust.

Do not use USB sticks as give-aways at conferences

USB sticks might seem like good giveaway items at conferences, but it's a bad idea, as it encourages poor security practice. If you want to make files away, host them on your website or some other sharing service, and give out the link.

Do not pick up "lost" USB sticks

Nothing found on the ground or in the carpark or “left over” in a meeting room.

Yes, it might suck to feel that you could be a good Samaritan and return someone’s vital information or backup of family photographs, but you have absolutely no idea as to what is on that memory stick, and there’s a chance, perhaps even a strong chance, that it might be an attack.

usb_sticks.txt · Last modified: 2021/07/06 09:26 by