USB devices continue to be a necessity for employees, an entry point for attackers, and an insecure medium to connect the two, spelling trouble for organizations.

Cybercriminals are looking for any way to access your organization’s endpoint that will allow them to infect a machine with malware, trojans, or ransomware. According to secure-hardware vendor Apricorn’s The State of USB Data Protection 2019 report, USB devices remain a viable target for cybercriminals. According to the report:

Employees are driving USB adoption – according to the report, 87% of orgs use USB devices and 68% of those stated employee choice was the reason.

– according to the report, 87% of orgs use USB devices and 68% of those stated employee choice was the reason. Employees are working around IT – While nearly two-thirds of organizations have acceptable use policies around USB devices, 64% say employees use USB devices without prior permission.

– While nearly two-thirds of organizations have acceptable use policies around USB devices, 64% say employees use USB devices without prior permission. Employees aren’t concerned about data protection – Almost half (48%) of employees have lost a USB device and not reported it to IT, and 58% use non-encrypted USB devices obtained from conferences and other sources.

With so much focus on cyber threats coming in via email and the web, organizations often overlook USB devices as a means for an attacker to inject malware into an organization.

Users need to be educated on the dangers of USB device use and the impact an attack can have on the organization. Security Awareness Training includes education on the need for a security-centric mindset at work, as well as on proper USB etiquette.