3 Rules of Thumb for Thumb Drives

Posted by Rob Schnetzer on Thu, Mar, 21, 2019 @ 10:03 AM

Best practices when using thumb drives for work and play.

 Did you know that one of the most notorious hacking incidents in recent history started with a thumb drive? In this brief video, Sagiss CTO Jim Lancaster shares some guidelines for using thumb drives--also known as memory sticks or USB flash drives--and how they can be safely incorporated into your business technology infrastructure.

Q: What is the most important rule for dealing with thumb drives?

  Jim Lancaster:  When you go to the airport and hear the announcement in the background about notifying authorities if you notice any bags left unattended, that same concept applies to thumb drives.  If you see a thumb drive lying around, you should just ignore it and walk away; don’t pick it up! When the Stuxnet virus took out the centrifuges in the Iranian nuclear program, it was a thumb drive that did it. The people that executed on that virus dropped thumb drives in the parking lot of the Iranian nuclear facility. Someone picked one up and stuck it into a PC, and that’s how the bad actors got in and took out those centrifuges.


Q: What reason do I have to use a thumb drive?

 Jim Lancaster: There are some really good reasons for keeping thumb drives around. PCs don’t come with floppy drives these days, and most of them don’t even come with CD-ROMs any more. The thumb drive is sometimes the only way to get data from one PC to another or it is at least the quickest way. However, I can’t stress any more strongly: don’t pick up random thumb drives.


Q: Can I use a thumb drives for my business?

 Jim Lancaster: As far as business case uses for thumb drives, I think they’d be rather limited. I wouldn’t want my employees using them unsupervised. In the past, the protocol was generally to allow everyone to have access to everything and then disable what you don’t think they need to have access to. I think we now we live in a world where the reverse is true.  It’s smarter to deny access to everything and then make the exceptions to that rule as needed. I think by default, we should turn off USB drives and then when the use case presents itself we can make an informed, intelligent decision about whether or not to allow them. 


Have questions about using thumb drives or any aspect of small business cybersecurity? Contact us today.

Topics: Cybersecurity, Managed IT Services, How To DIY Guides