The USB hole in your network security

Every PC has them - USB ports that allow for connecting everything from keyboards, to flash drives, to our phones. They're everywhere on every network, and they're extremely convenient for multiple uses. Unfortunately, they also represent one of the greatest gaps in your network security.

Assuming all of your staff are well-intentioned 100% of the time, you're still at risk. Plugging in an infected thumb drive is an easy mistake for your staff to make. In fact, just a few years ago an infected thumb drive found in a parking lot was plugged into a DOD computer and launched an attack that later became known as "The worm that ate the Pentagon".

While most of us know better than to plug an unknown thumb drive into a computer, it still happens. Free and cheap thumb drives are available everywhere, and yes, some of them are compromised, unbeknownst to the people handing them out.

But those aren't the only threats you face from your benevolent workforce. How many of you plug your phone into your PC to charge it while you're working? Well, it turns out numerous recent attacks are being launched by your infected phone. Whether it's a rogue app that you installed or an actual virus on the phone, the devices we carry with us are often as filthy on the inside as they are on the outside.

That's right, that little USB port on your computer is actually a time bomb ready to detonate across your entire network. So how do you lock them down?

Fortunately, there are a number of ways to lock them down. Many organizations will use group policies with their domain-based network settings to lock them down or limit the functionality of the ports. That's great, but a better way is to use software designed to do it, and many of the end-point protection products on the market today can do just that. Whether it's Sophos, Trend Micro, or countless other solutions, the tools are there, they just need to be configured.
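
Whichever method you choose, confirm that it actually took effect on the endpoints. The script below is an added example, not part of the original post or any vendor's tooling. It assumes the restriction is applied through the Windows "Removable Storage Access" Group Policy settings or by disabling the USB storage driver; an endpoint protection product may enforce its own controls elsewhere and will not show up here.

```powershell
# Added example: report whether USB mass storage is restricted on this Windows host.
# Assumption: restrictions come from the "Removable Storage Access" Group Policy
# settings or from disabling the USBSTOR driver. Verify against your own GPO.

$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
$diskClass  = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'   # "Removable Disks" device class
$usbStor    = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$denyAll   = Get-RegValue $policyRoot 'Deny_All'
$denyRead  = Get-RegValue (Join-Path $policyRoot $diskClass) 'Deny_Read'
$denyWrite = Get-RegValue (Join-Path $policyRoot $diskClass) 'Deny_Write'
$startType = Get-RegValue $usbStor 'Start'   # 3 = load on demand, 4 = disabled

# Each check is $true only when the setting is present and enforced.
$findings = [ordered]@{
    'All removable storage denied (Deny_All)' = ($denyAll -eq 1)
    'Removable disks: read denied'            = ($denyRead -eq 1)
    'Removable disks: write denied'           = ($denyWrite -eq 1)
    'USB storage driver disabled (Start=4)'   = ($startType -eq 4)
}

$findings.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Check = $_.Key; Enforced = $_.Value }
} | Format-Table -AutoSize

# A host with no restriction at all is the gap described in this post.
if (-not ($findings.Values -contains $true)) {
    Write-Warning 'No USB storage restriction found in policy or driver settings on this host.'
}
```

The script covers storage-class devices only; a phone plugged in to charge may present itself as a different device type, which is governed by separate policy settings not checked here.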

And that's the rub. With the tools available, there's no excuse for not having and enforcing a policy related to the USB ports that are ubiquitous across your network. The problem is, you have to do it.

If you feel your infrastructure may not be as secure as you'd like, we can test it for you. Just give us a call.

Click smart everyone and have a great week.

