Recently, I was told of an incident where an employee of a fairly large company spotted a USB stick on the pavement in the parking garage. Concerned that it might be important information of a colleague, the employee picks up the stick and takes it back to his office. To determine who is the owner, the employee inserts the drive into his computer and opens up the folders thinking that its contents will identify the owner.
WHAM! – the entire company’s network is infected with a new virus that the anti-virus program did not recognize.
Unfortunately, the dropping of virus seeds in the way of USB drives is a very common attack. Drives are left in corporate lobbies, doctor’s offices, parking lots, restaurants, any place where people gather. The thieves are counting on Good Samaritans to help their follow man or woman.
Employers need to inform their employees of the following procedures:
- If they find a USB drive warn them to NEVER put it into their computer.
- They should give the drive to IT to determine what they want to do with it.
- If there is no in-house IT department, destroy the drive by smashing it with whatever implements of destruction you have handy, and then drop it in the trash. Don’t worry that someone will loose important data. They probably have backup and if they don’t, then hopefully this will be a lesson learned for them. If there was confidential data on the device you just saved the company’s customers from a data breach.