top of page
  • Writer's pictureAIM

Cybersecurity: The Dangers of USB Flash Drives

USB flash drives are small, removable electronic devices containing flash memory used for storing or transferring data to or from a computer. You may have picked up a flash drive from an event as a promotional giveaway or been given one by a client containing evidence. The convenience of these portable devices comes with significant security risks. Flash drives can carry viruses or malware that infect devices. They are also easily lost or stolen, which can cause data loss and leakage. A refresher in cybersecurity will help protect us from the dangers of USB flash drives.

Four USB flash drives side by side on a blue background

The safety of flash drives received from outside your firm’s IT department cannot be guaranteed. If a third party offers you a flash drive, think twice before plugging it into your computer. You may run the risk of the following dangers:


  • Theft of data;

  • Installation of prohibited applications;

  • Storage of unlawful data;

  • Storage of encrypted data;

  • Distribution of viruses;

  • Identity theft; and

  • Running applications covertly.


Due to the high risk of these flash drives or CDs/DVDs containing malicious software, many IT departments of larger firms are disabling the settings on computer desktops and firm-owned laptops from accessing flash drives or CDs/DVDs. Special permission from IT departments to use these devices must be granted before they can be inserted to perform their functions.


America’s cyber defense agency, the Cybersecurity & Infrastructure Security Agency, offers some best practices to keep in mind when handling flash drives:

  • Do not plug an unknown USB drive into your computer. If you find a USB drive, give it to the appropriate authorities (a location's security personnel, your IT department). Do not plug it into your computer to view the contents or to try to identify the owner.

  • Take advantage of security features. Use passwords and encryption on your USB drive to protect your data, and make sure that you have the information backed up in case your drive is lost.

  • Keep personal and business USB drives separate. Do not use personal USB drives on computers owned by your organization, and do not plug USB drives containing corporate information into your personal computer.

  • Disable Autorun. The Autorun feature causes removable media such as CDs, DVDs, and USB drives to open automatically when they are inserted into a drive. By disabling Autorun, you can prevent malicious code on an infected USB drive from opening automatically.

  • Use and maintain security software and keep all software up to date. Use a firewall, antivirus software, and anti-spyware software to make your computer less vulnerable to attacks and keep the virus definitions current. 


If you are a solo practitioner or a lawyer in a small firm without access to an IT department, you can reduce the dangers posed by USB flash drives by utilizing safer alternatives like the Cloud. If you do choose to use flash drives, exercise caution by not plugging unknown flash drives into your device, using passwords and encryption, and keeping your computer’s security software up to date.

The simplicity of using a flash drive belies the risks. To mitigate the dangers of USB flash drives - regardless of your firm size - it is essential to adhere to strict cybersecurity protocols. Never use flash drives from unknown sources, and ensure all data transfers are conducted through secure, trusted methods. In an age where data is a critical asset, protecting it from the unseen dangers of unknown flash drives is paramount.

6 views0 comments


bottom of page