Common Sense at the Front Door of Cyber Defense

The physical points of access to the data networks and information systems that make life as we know it today possible are often unguarded. Spending $170 billion a year globally on cybersecurity without protecting data ports and connectors is like installing in your home every sophisticated electronic security device available – and leaving the front door wide open.

Not only is this strange circumstance counter-intuitive, it is considered by some to be the greatest vulnerability of all in cyber defense. First, the bulk of attention and activity is devoted to online and cloud-based defenses – programs and software. Second, the most historic failures of cyber defense came from attacks on open data ports. All it would have taken to prevent them was a simple USB port lock.

Yes, many of the attacks that have made headlines over the years were perpetrated by scattering unidentified flash drives and letting human nature take its course. It seems that, without a USB port lock in place, even the best-trained, most highly indoctrinated personnel don’t hesitate to plug a “found” memory device into any data port that isn’t protected by a USB port lock.

Add to this unruly data-storage-and-exchange impulse the common daily behavior of plugging in personal mobile devices at work to sync or charge, and you have the most widespread breach of data access known. It comes not from specialized geniuses or devoted hackers, but rather from practically anyone with access to a data port not protected by a USB port lock.

The Attention of a Recognized Authority

Small and inexpensive, the USB port lock might be hard to take seriously, but consider the size of what it solves – stopping insider threats. And stopping insider threats has been the focus of many highly reputable organizations.

Carnegie Mellon University’s Common Sense Guide to Mitigating Insider Threats is now in its sixth edition. Since it was first published in 2005, the guide has continually been expanded, evolved, and developed to keep pace with the dynamic and escalating nature of cybersecurity threats from both employees/associates and business partners. The Common Sense Guide comes from an uncommonly well-qualified source.

Carnegie Mellon established a federally funded research and development center for cybersecurity in 1984. It is called the Software Engineering Institute, and even the name reflects the initial perception that software and architecture were primary in the secure expansion of access to computing power and instant global communication that was taking place even then. The U.S. Computer Emergency Readiness Team (CERT) was established in 2003 by the Department of Homeland Security to protect the Internet infrastructure of the United States by coordinating defenses against and responding to cyber-attacks. Initially, hostile attacks launched through the Web were the basis of the perceived threat.

That paradigm has been challenged so continually that the first edition of the Common Sense Guide to Mitigating Insider Threats was published just two years after the establishment of CERT, signifying how integral to cybersecurity the threats from insiders had become.

That significance grew. In 2017 Carnegie Mellon established the National Insider Threat Center (NITC) to provide objective research on cybersecurity and “to transition that knowledge to operational environments” in the Department of Defense, private industry, and academia. Threat detection tools, baseline data, and metrics for evaluating products are among the many dimensions of the NITC mission.

And who are the insiders? One of the evolutions of the sixth edition was to define “insider” as someone who has, or had, authorized access to assets. The assets might be data, channels of communication, systems, or devices. Because these are the sources of the threats, and these are the points of attack, shouldn’t protecting the actual, physical points of access to your vital data networks and information systems with USB port locks be a top-tier priority?

Anyone who walks in the door of your operation qualifies for this definition of the threat. And in a sense, the more operational, the more trusted that person is (or was), the greater the potential damage he or she could cause – whether intentionally or unintentionally. It kind of makes the USB port lock seem a bit more important, doesn’t it?

The USB Port Lock – a Solution as Small as a Thumbnail

The engineering elegance of the USB port lock is disguised by its size. The importance of its contribution is belied by its reasonable price. The USB port lock from The Connectivity Center is available in entry-level and professional grades. Both varieties physically block access to any of the hundreds of unused USB ports that lie open in the workplace. They require no electricity, software, or special expertise to install, and no maintenance or upgrades to operate. A Smart Keeper USB Port Lock Key is required to control access and restrict the guarded ports to only authorized personnel.

The efficiency and speed of USB data ports have made them nearly universal and resulted in that design’s use for many of the high-speed cables that are used to unite devices and peripherals in the workplace. This has made protecting those connecting ports just as important as the USB data ports themselves.

Among the hundreds of solutions you’ll find from The Connectivity Center are a variety of locking 4K high-speed cables and both the entry-level and professional series of the Smart Keeper USB Port Lock Key. Together with the Smart Keeper collection of computer and laptop security devices, they provide you with the PC security you need, without sacrificing the access that makes your system so vital to operations. Our Link Lock connectors and the Link Lock Hub serve not only as secure USB connections, but also lock your devices so that they cannot be removed without authorized access.

The Professional Series key from The Connectivity Center comprises an ergonomic, retractable housing with anti-static rubber grip, LED light for low-visibility work areas, and dual retractors – main and peripheral – for reaching port locks in confined spaces. The key patterns are strictly controlled, yet you can order duplicate keys to suit your own security authorization structure.