The moral of this French computer security video is apparently that you should be wary of USB sticks (and crocodiles) in your Lego-built office.
And yes, it did make me smirk when I realised the video was produced by Orange (who have a spotless reputation for computer security, n’est pas?)
As USB sticks get more ubiquitous, smaller in physical size, and larger in the amount of data that they can store, the risks increase too.
First of all, there’s malware to consider.
Just like the floppy disks of yesteryear, malware can travel via USB thumb drives, carried by unsuspecting computer users between devices. In this way, even computers which are not connected to the internet or email systems can become infected by malware.
Does this happen? Yes, it *definitely* does! And it’s not just in the regular workplace.
For instance, the infamous Stuxnet worm infected the Natanz nuclear facility in Iran in precisely this way, as part of a joint operation by the United States and Israel.
Meanwhile, astronauts have even transported malware-infected USB sticks or compact flash cards up to the International Space Station.
Then we have to consider the risk of data loss.
It’s not at all uncommon these days for people to take work away from their desk (maybe to work on it remotely, or from home) and they will often copy databases and company documents onto a USB stick. If that teensy-weensy USB stick is mislaid, you could have allowed sensitive information about your firm or your customers to slip through your fingers.
Accidents will, inevitably, happen.
For that reason, you need a policy of managing USB sticks and the data gets transported via them. Your organisation may benefit from device control technology which can determine if a particular storage device is allowed to connect to a computer, and solutions that can ensure that sensitive information can only be copied onto devices when it is securely encrypted.
And don’t forget, there is also the insider threat. If you have a member of staff with a chip on their shoulder or they’re about to move on to a competitor, they might take advantage of the high storage capacity of flash drives and USB sticks to copy your customer database or other sensitive information… believing it will be to their benefit.
Entirely banning USB devices isn’t probably a workable solution for most organisations. Your staff are working hard and want to do a good job, and find portable storage devices convenient. If you have an outright ban, chances are that your workforce will work against you, and cover up what they are really up to.
It’s better, therefore, to educate users about the risk and reduce the threats of malware and data loss (whether accidental or deliberate) through policies and technology.
And, if you see a crocodile in your office, always report it to the IT support desk.