2023 Cybersecurity Awareness Month: Episode 4 — Dangerous Finds

If you see a flash drive left behind in a conference room, would you plug it into your computer to find out who it belongs to, so you can return it to the owner?

The correct answer should be no. The drive could be perfectly innocent, left behind by a colleague; but it could also be a trap, designed to prey on your curiosity. Then, the moment you plug it in, it can execute one or several types of malware: viruses, worms, bots, trojans, and more. If you’re unfamiliar with the term, “malware’ is an amalgamation of “malicious” and “software.”

In 2016, 300 unmarked USB drives were dropped across the campus of the University of Illinois. Subsequently, 98% of these devices were picked up by students or staff. Half of those were plugged into a device. That’s approximately 147 different opportunities for a cyber criminal to be successful.

Early this year in March, an Ecuadorian journalist received a flash drive in the mail. When he plugged it in, it exploded. It was a bomb disguised as a flash drive. This is an extreme case, but certainly a reminder of why we should never plug in a flash drive, unless it is our own.

If you find a flash drive, it is never a good idea to plug it in to any device unless you are trained and have programs to do so safely. You can report a found flash drive to your IT department and they can determine if they can safely access any data, or whether it would be best to destroy the flash drive to prevent unintentional use.

We hope our short ‘Be Cyber Smart’ series this month has provided you with some insight and awareness into cybercrime and how you can mitigate the risk and impact of a cyberattack. Throughout the series we’ve talked about many types of social engineering — phishing, unsecure computers, tailgating, and flash drives.

Bringing awareness to the forefront by having frequent and open discussions is a tool we readily have at our disposal. What type of tools are you seeing being used in your industry to help mitigate the risk of cyberattacks?