
USB and Removable Media Controls

USB drives and removable media represent a dual threat to organisations: they are both a data exfiltration channel and a malware delivery mechanism. A single USB drive can extract gigabytes of sensitive data in minutes, or introduce ransomware that spreads across the entire network. Despite the rise of cloud storage, USB drives remain one of the most common vectors for both insider threats and external attacks. Executives must implement technical and policy controls that address both risks without completely eliminating legitimate business use cases.

The Threat Landscape

  • Data exfiltration. A disgruntled employee or compromised insider can copy customer databases, financial records, or intellectual property to a personal USB drive and walk out of the building undetected.
  • Malware delivery. Attackers deliberately drop infected USB drives in car parks, lobbies, and conference venues — a technique known as “USB baiting.” Curious employees who plug in the drive inadvertently install malware.
  • Uncontrolled data movement. Even well-intentioned employees who use USB drives to work from home or transfer files between systems create unencrypted copies of sensitive data outside your controlled environment.
  • Regulatory risk. Personal data transferred to an unencrypted USB drive that is subsequently lost constitutes a reportable data breach under GDPR and similar regulations.

Control Strategies

  • Technical restrictions. Use endpoint management tools to block unauthorised USB devices. Allow only approved, encrypted USB drives issued by the organisation.
  • DLP integration. Configure DLP policies to monitor and block sensitive data transfers to removable media, alerting the security team to attempted exfiltration.
  • Encryption enforcement. If USB drives must be used, require hardware-encrypted drives with centralised management. Software encryption is easily bypassed if the drive is used on an unmanaged device.
  • Awareness training. Train employees never to plug in USB drives found in public places and to report suspicious devices to the security team.
  • Physical controls. In high-security environments, disable USB ports physically or use port blockers to prevent any device connection.
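
An added example, not part of the original page or of any vendor tool, of the allow-only-approved-drives and monitoring controls above: it reads USB log lines in the Linux kernel's format and flags every mass-storage device whose vendor ID, product ID and serial number are not on the approved list. Linux endpoints are an assumption, and the log lines, allowlist entry and function name are constructed for illustration.

```python
import re

# Constructed allowlist: (vendor ID, product ID, serial) of organisation-issued drives.
APPROVED = {("0951", "1666", "ORG-ENC-000123")}

# Constructed sample in the style of Linux kernel USB log output.
SAMPLE_LOG = """\
[ 101.10] usb 1-2: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
[ 101.11] usb 1-2: SerialNumber: ORG-ENC-000123
[ 101.20] usb-storage 1-2:1.0: USB Mass Storage device detected
[ 340.50] usb 1-3: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
[ 340.51] usb 1-3: SerialNumber: 4C53000PERSONAL
[ 340.60] usb-storage 1-3:1.0: USB Mass Storage device detected
[ 512.00] usb 1-4: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00
[ 777.00] usb 1-5: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
[ 777.10] usb-storage 1-5:1.0: USB Mass Storage device detected
"""

FOUND = re.compile(
    r"usb (\S+): New USB device found, idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
SERIAL = re.compile(r"usb (\S+): SerialNumber: (\S+)")
STORAGE = re.compile(r"usb-storage (\S+?):\d+\.\d+: USB Mass Storage device detected")


def find_violations(log_text, approved=APPROVED):
    """Return (port, vid, pid, serial) for each storage device not on the allowlist."""
    devices = {}      # port -> [vid, pid, serial]
    violations = []
    for line in log_text.splitlines():
        if m := FOUND.search(line):
            # A new enumeration on a port resets whatever was known about it.
            devices[m.group(1)] = [m.group(2), m.group(3), None]
        elif (m := SERIAL.search(line)) and m.group(1) in devices:
            devices[m.group(1)][2] = m.group(2)
        elif (m := STORAGE.search(line)) and m.group(1) in devices:
            vid, pid, serial = devices[m.group(1)]
            # A missing serial never matches: VID/PID is shared by every drive
            # of that model, so it cannot prove the drive is organisation-issued.
            if (vid, pid, serial) not in approved:
                violations.append((m.group(1), vid, pid, serial))
    return violations


if __name__ == "__main__":
    for port, vid, pid, serial in find_violations(SAMPLE_LOG):
        print(f"ALERT unapproved storage on {port}: {vid}:{pid} serial={serial}")
```

The keyboard on port 1-4 is ignored because it never registers as mass storage, while the drive on port 1-5 is flagged even though its model matches the approved one, since it reports no serial number.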

Action Steps:

  1. Implement endpoint controls to block all unauthorised USB devices and monitor for policy violations.
  2. Issue approved, hardware-encrypted USB drives for any business use cases that genuinely require removable media.
  3. Include USB baiting scenarios in your next security awareness campaign.

Quick Knowledge Check

  1. What is USB baiting and why is it effective?
    USB baiting involves placing infected USB drives in locations where employees will find them — car parks, lobbies, conference venues. It exploits human curiosity: studies show that up to 48% of people who find a USB drive will plug it in.
  2. Why is hardware encryption preferred over software encryption for USB drives?
    Because software encryption can be bypassed if the drive is used on an unmanaged device that does not have the encryption software installed, whereas hardware encryption is built into the drive and cannot be circumvented.