Losing a USB key on a train is all too easy, and a risky prospect if you keep important data on it. But if you find one, think twice before using it: one recent study suggests that it’s extremely likely to contain malicious software.
Security software company Sophos purchased 50 USB keys at the 2011 auction of lost property by RailCorp in NSW. Of those, not one had any form of encryption, so the data on it was up for grabs. Perhaps more disturbingly, two-thirds of the USB sticks also contained some form of malware, so they represented a risk to anyone using them, even if the personal data on them wasn’t stolen.
The lesson? Keep your USB keys close, minimise the amount of personal data you store on them, and use encryption if you do need to shift sensitive information. And if you do receive a USB key from any source, run it through your security software to eliminate any nasties.