USB flash drives are a very important part of our day-to-day activities. When a network is down, they provide an alternate method to copy or exchange files between computers. But in the strange world we live in, there is something dark underneath any great invention, and this one is no different. The great USB memory stick can be used by bad guys and gals for abusive practices. Not only is your network security at risk here, but your private or sensitive data can simply vanish out of your well-protected private network into the wild world out there; who knows how it is going to be used. Look at it this way: even if I am an employee of the institution, I can simply bring a contaminated USB memory stick and plug it into my network-connected PC, and soon enough the potential for the whole network to be infected with viruses, worms or other unwanted malware skyrockets. The funny thing is that the user may not be aware of what has happened. Also, if the user is a bad person, then on the way home he/she can take a copy of your highly guarded financial data!
The risks are enormous here, but we need a great balancing act between business needs and security, as both go hand in hand. In my opinion, the strategy should be based on one of the basic security principles: users should be given authorization to services such as USB drives, CD/DVD, registry access, etc. based on business needs as well as on the least privilege principle. This way you can minimize the potential security risks and continue to keep your business safe from intrusion!
Here is an article that explains how you could disable devices through Microsoft Active Directory Group Policy. Enjoy!