Removable Media
Removable media is a type of storage device that can be removed from a computer whilst the system is running. Examples include:
- USB memory sticks
- External hard drives
- CDs
- DVDs
- Mobile phones and tablet devices
Risks - removable media
Removable media introduces the capability to transfer and store huge volumes of sensitive information as well as the ability to import malicious content. The failure to manage the import and export of information using removable media could expose the University to the following risks:
Loss of information
Removable media is very easily lost, which could result in the compromise of large volumes of sensitive information stored on it. Some media types will retain information even after user deletion, placing information at risk where the media is used between systems (or when the media is disposed of).
Introduction of malware
The uncontrolled use of removable media can increase the risk of introducing malware to systems.
Reputational damage
The loss of media can result in significant reputational damage, even if there is no evidence of any specific data loss.
Best practice
- Never use any removable media that you found or is not your own.
- Use more secure file storage options wherever possible.
- Encrypt all removable media and the files stored therein.
- Use strong passwords to protect removable media.
- Do not save confidential/sensitive University data on USB sticks unless you have to, have the authority to do so from the asset owner, and use encrypted USB sticks.