BlockMaster: April fool pranks leave businesses exposed to malware on USBs
April 2009 by
BlockMaster, a provider of secure removable data devices, today issues a stark warning to businesses across the UK that millions of employees with unprotected USBs are at risk of unsolicited viruses and malware.
As staff let their guard down to laugh at April fools’ jokes, hackers specialised in social engineering and intrusion techniques are poised to take advantage of the lack of care paid to network and USB security.
With 20,000,000 unsecure USBs being used in businesses today and around 62 per cent of UK employees leaving their sticks plugged into their computers when unattended, businesses are extremely vulnerable to malware. This risk increases greatly today as the computer worm, Conflicker.A, is expected to claim over 11.4 million victims. Although nothing untoward has happened yet the people who control Conficker could just be waiting for IT managers to relax their guard and assume the worst is over before they attack.
BlockMaster, CEO Daniel Östner comments: “The major threat facing businesses is malicious content which could be downloaded in an April fools prank on the Internet or an email, infiltrating USBs and destroying intellectual property. Another security risk is if content is uploaded from an unsecure USB as a joke accidentally wiping or replacing critical data with viruses and malware.
“These threats have the capability of creating total meltdown for an organisation; proving that businesses must have security processes in place to protect their networks from the threats posed by unsecure USBs. Endpoint systems, such as port control will keep April fool jokes outside the corporate network and standardising on a secure USB drive will keep all information safe.”
The devastating impact of not having security processes in place can be seen from the impact of the ILOVEYOU worm, which brought thousands of users’ systems and a significant proportion of the world’s mainframes crashing to the ground in 2000.
Simple steps organisations can put in place to protect USB devices include:
1. Put a policy in place to outline a list of trusted USB drives and other portable devices
2. Inform personnel of the new policy and stress the importance of compliance with this policy to protect the organisation
3. Install software to restrict removable media to the pre-determined list of trusted devices
4. Provide all IT users with a trusted secure USB drive
5. Collect and destruct “old” devices with file-shredder software or an outsourced service provider
6. Ensure a lifecycle device management solution is in place