Cloud vs flash storage: This is how insecure USB sticks are (main security risks)
How do you transmit sensitive data, for example, when it comes to implementing important projects with customers, colleagues, or partners? Optical storage media like CDs and DVDs are hopelessly outdated and the cloud is not to be trusted, right*? This is why many users rely on USB sticks: flash drives are small and handy and also offer space for large amounts of data. But are they actually secure?
The fact that you actually have a physical object in your hands or in your pocket gives a false sense of security. After all, USB flash drives do have their pitfalls; we’ll show you what they are.
This is how insecure USB sticks are – main security risks
- No encryption by default
Standard USB sticks have neither password protection nor encryption mechanisms! Therefore, any data that you copy to the flash memory without further precautions can be read by anyone who gets hold of the stick. This may be sufficient for your own personal data, but it is an absolute no-go for sensitive data!
- Misplaced, lost, or manipulated
USB sticks are small and handy – and thus can be lost quickly. Even if the data does not fall into the hands of unauthorized persons: data loss is just as annoying!
In addition, third parties could copy the stored data – even if it is encrypted. Not to mention that unattended flash storage can be easily manipulated and may then pose an even greater security risk to your business than you realize. That brings us to point 3.
- Malware carriers
USB sticks can transmit malware like viruses or trojans! Especially if you happen to have left your stick unattended and third parties might have tampered with it, you should be careful. At least, from Windows 7, the Autorun function for USB memory is disabled by default. This means that executable files located on flash drives are no longer started automatically as soon as the USB stick is connected. Consequently, malware can no longer be spread quite so easily.
- Beware of cheap sticks!
Very cheaply produced USB sticks pose a greater risk of data loss. This is simply due to qualitative reasons: The chips installed are not of particularly high quality and break easily. As a result, stored data is damaged or can no longer be found. So don’t save at the wrong end!
So, this is how insecure USB sticks really are. Would you have thought that? But don’t worry, many of the risks just mentioned can be controlled with little effort – or simply bypassed. We’ll show you how to do it here!
Flash storage: Five tips for greater security
- Do not use sticks of dubious origin
Where did you get the USB stick on which you just saved your important project data? Do not use flash drives of unknown or dubious origin! You should never connect found USB sticks to your PC – and certainly not use them for sensitive data!
- Disable Autorun
As already mentioned, the autorun function is deactivated from Windows 7 onwards – that’s a good thing! If you are using an older version of Windows, you should manually disable Autorun. To do so, open the Control Panel, click on “Change default settings for media and devices” and uncheck “Use AutoPlay for all media and devices” – done!
- Separate private and business use
A good tip: Separate private and business! This also applies to USB sticks: Do not use the same data carrier for private files that you also use for business purposes.
- Encrypt sensitive content
If you already store sensitive data on a USB stick, you should definitely encrypt it. In Windows 10 and 11, this is quite simple: right-click on the file or folder, select “Properties” and then the “Advanced” tab. Here, put a checkmark on “Encrypt content to protect data”. Then confirm your selection.
If you are using older Windows versions, you can fall back on proven free software such as VeraCrypt.
- Use secure cloud services instead
Instead of USB storage devices, opt for highly secure cloud collaboration services and virtual data rooms. Here, your sensitive data is reliably protected against unauthorized access and can be shared with customers, colleagues, and partners at lightning speed. Additional features such as virus scanners, individual access authorizations and activity logs provide even more control and that extra measure of security.
You found this article interesting? Would you like to read more articles about data protection and data security?
Then sign up now for free to our privacyblog newsletter! We will inform you about new blog posts by e-mail. Click here to register.
*Wrong! Highly secure cloud solutions like idgard® are much more secure than you might think, thanks to confidential computing technology. So secure, in fact, that they are now being used by companies that are subject to particularly strict data protection requirements. If you want to learn more, just browse our blog, or drop us a line at firstname.lastname@example.org!