4 Dangers of Using USB Thumb Drives and How to Secure Data

Available for Interviews:  Paul Tracey

Paul Tracey is the Founder & CEO of Innovative Technologies, a Managed Security Service Provider in New York, and is a national speaker, cyber security educator, small business advocate, and author of Delete The Hacker Playbook and Cyber Storm. 

What Paul Tracey can say in an interview on
Thumb Drives:

 1. Malware potential. USB drives are a great way to make malware portable without breaking in through your internet access.  If USB access is open on your computers anyone can slip one in and in less time than you can make a single cup of coffee, have all of your data on the cloud.  Unfortunately, we are finding that this not only comes from bad actors adding malware on a regular drive but also from the supply chain. This is where the drive comes infected from the factory. Some attackers have also targeted electronic devices directly, and have infected items such as electronic picture frames and USB devices during production. When users buy the infected products and plug them into their computers, malware is installed on their computers.

 2. Loss of Data. USB drives are notoriously unreliable forms of saving data however they are convenient and easy to use so they do have some advantages. We never recommend them for any long-term or sensitive storage. For starters, their portability and tiny form factors make them very easy to misplace and lose. Secondly, these drives have a tendency to be removed improperly and become corrupted. Once this happens recovering the drive becomes unlikely and expensive.

 3. Stolen Data. Allowing USB connections gives bad actors within a business a discrete way to remove sensitive data from the business before their departure. Even computers that have been turned off may be vulnerable because a computer’s memory is still active for several minutes without power. If an attacker can plug a USB drive into the computer during that time, he or she can quickly reboot the system from the USB drive and copy the computer’s memory, including passwords, encryption keys, and other sensitive data, onto the drive. Victims may not even realize that their computers were attacked. This type of activity would normally not be detected by any security software. 

 4. Spreading Malicious Software. Attackers can use USB drives to infect other computers with malware, ransomware, or a host of other malicious scripts that can detect when the USB drive is plugged into a computer. The malware then downloads malicious code onto the drive. When the USB drive is plugged into another computer, the malware infects that computer.

How to Secure Data

      1. Never plug in an unknown USB into your computer (not even to try to identify the owner).
      2. Use encryption on your USB and back it up to another drive. (If you lose your USB you are still good!)
      3. Keep personal and work USB drives separate and never plug a corporate USB from work into any personal computer or device.
      4. Disable autorun. When enabled, this causes drives to open automatically when inserted into the computer. With it disabled, you can prevent malicious code from automatically running on your computer.
      5. Use MDR, XDR, antivirus, and anti-malware software and make sure it is always up to date. Also, be sure that your antivirus software is set to scan all drives and that your USB drive is plugged in while you are scanning. 


Interview: Paul Tracey

Paul Tracey is the Founder and CEO of Innovative Technologies, a Managed Security Service Provider in New York, and is a national speaker, cyber security educator, and small business advocate, and author of Delete The Hacker Playbook and Cyber Storm.

Nearly a successful decade in business, Innovative Technologies continues to help clients ensure they have security and compliance procedures in place and well-trained staff. They have earned the reputation as a leading managed security services provider (MSSP) in upstate New York.

Tracey has been featured in MSP Success Magazine and on the Success Spotlight podcast and also runs an MSSP dedicated to helping small and medium-size businesses protect their reputation, money, and customers from cybercriminals.


Jo Allison
Managing Editor
Director of Public Relations
Success In Media, Inc.

Leave a Reply