File this under “you get what you pay for.”
Imagine you are walking out of your office to your car or down the street to grab lunch. You turn the corner and there at your feet – so small that you almost missed it – lays a little USB drive. You bend down and pick it up and note that it is a 64 GB drive. Wow – those aren’t cheap, you think to yourself.
When you return to your office, being the good samaritan that you are, you plug your new found drive into your computer’s USB port to see if there is any identifying information on it. You figure, if there is identifying informaiton, you can return it to its rightful owner and if there isn’t, well, then you’ve got yourself a nice new 64 GB drive. Worst case scenario, it’s broken – right?
The worst case scenario is quite a bit worse than that.
According to the digital security blog Naked Security by the firm Sophos, fully 66% of of the lost USB drives were infected with some kind of malware. None of the malware appeared to infect OSX (Apple’s operating system) machines, though several of the drives seemed to have been owned by Mac users – making them malware carriers who show no signs of disease but capable of passing it on to Windows using friends.
So, what’s the takeaway here? There are a few best practices that can be gleaned from this study:
1) if you find an unidentified USB drive in public, you are better off tossing it in the garbage than plugging it into your computer;
2) if you use a Mac, the odds are still good that you can rely on herd immunity to keep you safe from malware;
3) if you use a Windows computer, make sure you are using an up to date suite of anti-malware, anti-virus and anti-spyware;
4) at the rate at which USB drives apparently are lost, you are probably best advised to use an encrypted drive, one that hangs on your key chain, or one that costs so much that it is too dear to misplace.