USB drives (me to distraction)

It’s always the technological change you can’t see that gets you. Weather-beaten commentators have rediscovered that adage throughout history. Take those trebuchet operators unfortunate enough to stare down the barrel of a cannon, or the guys who rejoiced over selling PowerPC chips to Microsoft for the Xbox 360 only to discover that Apple had suddenly decamped to Intel while the PowerPC designers were dawdling with less MHz for more heat… I feel a change of that order is about to hit smaller business networks, especially the very small ones; in fact, it may already be here. Two groups – the very small network support provider and the medium-to-large network manager – are at extreme risk from a Tribble-like population explosion of USB flash drives.

Imagine for a moment that you could dash into your company’s main office or canteen and strip-search every member of staff. Aside from the potential for horrendous embarrassment (and possibly harassment), how many USB drive devices do you suppose you’d find? I turned out my own pockets and knapsacks in a fearless simulation of such a search, and to my astonishment found that I have no less than seven USB flash drives, ranging in size from 8MB up to 512MB (and they were all under £30 to buy). Discovering what was on each device came as a bit of a shock: for example, I’d totally forgotten where I’d put my 2002 accounts file for ‘safe keeping’.

USB flash drives like these now pose a huge threat to the network administrator on at least three fronts:

In the very smallest network scenarios, it’s easier to use a coffee mug full of these devices to move work files from machine to machine than it is to set up direct file sharing. Disconnecting machines can circumvent many anti-piracy measures, and the USB flash drive simplifies running a PC that’s totally adrift from the Internet, which suits a certain type of user very well. Many smaller IT outfits make a living by implementing networks for businesses with five or fewer PCs, and the unacknowledged spread of these little devils can only be a threat to such IT suppliers. Understanding how to explain to clients that these USB drives are not without their drawbacks has become a critical matter.

These little dangly bits of plastic aren’t all that safe as storage media go. One of my seven drives was the size and shape of a credit card, made by Freecom. Unfortunately, it wasn’t quite as bendy or adaptable as the rest of my credit cards, and definitely not bike-friendly when stuffed into a back trouser pocket. A vast array of utilities can be used to back up your stuff onto a USB flash drive (whether solid state or an IDE drive in a caddy), and knowing exactly what you’ve just copied or moved onto that storage is a crucially important but much-neglected ability.

Theft of data. There’s really no other way to put this if you want to wake people up to the risk these USB drives represent to the company. Even if this ‘theft’ is secondary – say, because someone’s bag, jacket or keyring got left on the train – the net result is the same; namely, that a copy of stuff that could matter to you a great deal has walked out of your door and you’ve no idea that it’s happened. Mere misplacement of data (like my 2002 accounts file) is the obverse of this problem, in that it’s seldom intentional but just as disastrous.

Let’s get the threat to small IT businesses out of the way first, because it has no software solution. If you’re a network supporter or integrator and you see that coffee cup full of plastic dongles make an appearance, that’s just about the loudest wakeup call you could receive – if your users find it easier to hand those things around than to use peer-to-peer file sharing, you’d better pull your socks up pretty damn quick. There’s absolutely no operational difference between keeping files on one of those keys and keeping them on a networked file share, except that networked file shares are a lot bigger, a lot more secure, a lot more searchable and a lot easier to back up. If you’ve failed to get that across to your users, it’s very unlikely to be their fault and very likely to be yours. I know this sounds like ‘cruel to be kind’ sort of advice, but please don’t underestimate the dumbing-down effect of these devices. You’ll also have to put in a lot of work to show your users better working practices that don’t involve USB flash drives.