An unprecedented number of Americans began working remotely because of the COVID-19 pandemic. While some companies have opted to go fully remote, others are slowly reopening their offices. Many are also adopting hybrid working models.
Remote workers rely on technology to complete their tasks. Laptops, PCs, tablets, and smartphones create a more digitized, mobile workforce. Another type of technology remote workers often use is portable media.
What is portable media, what are some examples of it, and what are some of the associated risks? Here’s more about it and how it brings a fair share of dangers to a remote workforce.
What Is Portable Media?
Portable media, also known as removable media, are devices that connect to a computer or laptop, network, or information system to transport or store data. The most well-known type is the ubiquitous USB flash drive, which is also called a thumb drive. However, portable media also includes DVDs, CD-ROMs, external hard drives, and SD and memory cards.
Remote workers may use mobile media for two reasons: First, for additional storage, and second, to transfer data from one computer to another.
Many removable media are small, affordable, and convenient, making it easy for remote workers to download files and move them back and forth from home to office, depending on their organization’s work model. That, however, also makes it easy for a data breach to occur.
For example, remote employees may use a USB flash drive to transfer files from their office computer to their laptop at home, if they work on a hybrid schedule. Lose this thumb drive, and your organization could be tomorrow’s headline.
Risks When Remote Workers Use Portable Media
The convenience factor and ability to bring files on the go also open remote workers to potential cybersecurity risks.
Companies with remote employees need to assess their current cybersecurity risk profile to protect against cyberattacks and financial losses. The use of portable media should certainly be considered. It can increase the potential for a hacking incident.
Here are five major risks remote employees may face if they rely on portable media devices.
1. Portable Media Devices Are Easy to Lose or Misplace
Almost all types of portable media devices are small. They can easily fit in someone’s hand or pocket or be tossed into a work bag. While it’s convenient to carry important documents on portable media, their size makes them easy to lose or misplace.
Additionally, remote employees may not realize their portable media devices are missing until it’s too late. At that point, they could risk losing hours of critical work or sensitive data that could fall into the hands of malicious actors.
2. Portable Media Devices Can be Riddled with Malware
Portable media devices can be infected with malware. When a remote worker inserts an infected USB flash drive into their laptop or computer, it will likely pass that infection to the device it is connected to – and, perhaps, the entire network.
Earlier this year, the Federal Bureau of Investigation reported that hackers were sending USB drives infected with ransomware directly to companies in an effort to infect their devices and corporate networks.
3. Portable Media Devices from Unknown Sources Can Lead to Data Loss
Sometimes, hackers will use their creativity to execute their cybersecurity attacks. For example, a malicious actor can plant an infected portable media device somewhere in an office, hoping that someone will insert it into a computer or laptop.
In other cases, hackers have dropped USB drives in public areas knowing that many people will attempt to locate the drive’s owner – which means inserting the device into a USB port. Unless you know where a flash drive has been, it’s always best to immediately throw away any that you find or are given.
4. Portable Media Devices Typically Have an Autorun Feature
According to the Cybersecurity and Infrastructure Agency, it’s best to disable the autorun feature that Windows is equipped with.
The autorun feature causes most removable media to automatically open when inserted into a viable drive. If autorun is engaged, any malicious code will execute immediately upon inserting the device into a port. Disabling the autorun feature can protect organizations from opening malicious files when the portable media is inserted.
5. Portable Media Devices Could Cause Reputational Damage if a Data Breach Occurs
Many organizations work with large volumes of sensitive data. Some examples include customer information, patient health records, and banking login credentials.
Suppose a remote employee using a portable media device is careless. In that case, the risk of someone accessing that sensitive or personally identifiable information becomes greater. No company wants to earn a negative reputation for a simple mistake.
It’s best to outline employee expectations for portable media devices and train employees on the best cybersecurity practices to mitigate the risks outlined above.
Use Best Cybersecurity Practices When Handling Portable Media
The remote workforce is growing, and it’s becoming increasingly challenging for companies to monitor how their employees use removable media devices.
However, now is the time to implement comprehensive cybersecurity solutions to prevent data breaches caused by portable media devices in a high-risk landscape. The best protection is locking all computer ports through inexpensive port locks. This ensures that an infected USB flash drive or external hard drive can’t be connected to your corporate computers – and possibly your network – even when your cybersecurity policy prohibits it.
