The security risks of USB drives and removable media, and how to handle them safely in the workplace.
USB and Removable Media Security
USB drives and removable media are one of the most overlooked security risks in the workplace. They are small, inexpensive, and can carry enormous amounts of data — or malware.
USB Attack Vectors
Why USB Drives Are Dangerous
Malware Delivery
Malicious USB drives can automatically execute code when plugged in. BadUSB works because a USB drive can impersonate a keyboard or network adapter — the computer has no way to tell the difference. When plugged in, it “types” malicious commands at 1,000 words per minute, faster than any human can react.
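Typing speed is something a defender can measure. As an added example (not part of the original page), the Python function below flags any keyboard device whose keystrokes arrive in a sustained run faster than a person could type. The 5-characters-per-word convention, the 200 wpm human ceiling, the 20-key run length, the device names and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict

CHARS_PER_WORD = 5    # assumption: usual typing-speed convention
MAX_HUMAN_WPM = 200   # assumption: generous ceiling for a human typist
MIN_RUN = 20          # assumption: fast keystrokes in a row before alerting

def gap_ms_for(wpm):
    """Average milliseconds between key presses at a given words-per-minute rate."""
    return 60_000 / (wpm * CHARS_PER_WORD)

def find_injection(events, max_human_wpm=MAX_HUMAN_WPM, min_run=MIN_RUN):
    """events: iterable of (device_id, timestamp_ms), one entry per key press.
    Returns {device_id: {"keys": n, "wpm": rate}} for every device whose longest
    run of faster-than-human keystrokes is at least min_run keys long."""
    threshold = gap_ms_for(max_human_wpm)
    per_device = defaultdict(list)
    for device, ts in events:          # devices may be interleaved in the log
        per_device[device].append(ts)

    alerts = {}
    for device, stamps in per_device.items():
        stamps.sort()
        best = None                    # (keys, first_ts, last_ts) of longest fast run
        run_start = 0
        for i in range(1, len(stamps) + 1):
            # A run ends at the end of the data or at a human-speed pause.
            if i == len(stamps) or stamps[i] - stamps[i - 1] > threshold:
                keys = i - run_start
                if best is None or keys > best[0]:
                    best = (keys, stamps[run_start], stamps[i - 1])
                run_start = i
        keys, first, last = best
        if keys >= min_run:
            minutes = max(last - first, 1) / 60_000   # avoid dividing by zero
            wpm = (keys - 1) / CHARS_PER_WORD / minutes
            alerts[device] = {"keys": keys, "wpm": round(wpm)}
    return alerts

# Constructed sample: "kbd-builtin" is a person (about 110 ms between keys);
# "usb-new" presses a key every 12 ms, the 1,000 wpm rate described above.
SAMPLE = [("kbd-builtin", 1000 + 110 * i) for i in range(40)]
SAMPLE += [("usb-new", 5000 + 12 * i) for i in range(60)]

if __name__ == "__main__":
    print(find_injection(SAMPLE))
```

A short burst from a real typist (a key held down, a quick shortcut) stays below the run length and is not flagged; only a long uninterrupted run is.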
The USB Drop Attack
Attackers deliberately leave drives in car parks, lobbies, and common areas, labelled “Payroll Q3” or “Redundancy List 2025” to pique curiosity. Studies show that 45–98% of found USB drives are plugged in by the finder.
⛔ Important
If you find a USB drive — do not plug it in. Not at your desk, not on a personal device, not “just to check who it belongs to.” Hand it to IT security. The curiosity a found drive provokes is precisely what attackers rely on.
Safe Practices
| Action | Why |
|---|---|
| Use only IT-approved, encrypted drives | Unencrypted drives cause notifiable data breaches (NDB) when lost |
| Never plug in a found or unverified drive | BadUSB and malware risk |
| Return unused drives to IT | Don’t accumulate drives in desk drawers |
| Report lost drives immediately | NDB 30-day clock starts from awareness |
| Don’t use personal drives on work computers | Risk of cross-contamination |
| Encrypt sensitive data before copying | Final safety net if drive is lost |
✓ Key Point
Many organisations use endpoint controls (Microsoft Intune, Jamf, or DLP tools) to block unauthorised USB devices entirely. If your organisation has this policy and you have a legitimate business need, request approval from IT rather than trying to work around the block. The policy exists for good reasons.
Secure Disposal
Deleting files or formatting a USB drive does not securely erase the data — recovery tools can restore it in seconds. Return drives to IT for:
- Physical destruction (shredding)
- Certified cryptographic erasure (verified overwrite)
Never dispose of USB drives containing work data in regular bins or recycling.
What’s plugged into your business right now?
One curious moment with a found USB drive can hand an attacker your whole network — and one lost unencrypted drive can trigger a mandatory data-breach notification. Mobile Techs IT Service helps Gold Coast businesses take removable media off the risk list — USB device control policies, endpoint protection, encrypted approved drives, certified data destruction, and staff awareness training. Home users welcome too — on-site or remote, anywhere in Australia.

