I'm concerned about our company's approach to handling USB drives brought in by clients. Currently, our policy requires users to hand over their USB drives to IT for a scan using Malwarebytes on an offline desktop. While this is a step in the right direction, I doubt it's the most effective method. Users could easily bypass this policy and plug their drives directly into their laptops. Plus, relying on a free version of Malwarebytes seems inadequate. We have Carbon Black EDR in place, but it doesn't allow for on-demand scanning, so I'm left wondering how we can ensure these drives are safe. I'm curious about what procedures or tools other businesses are using for USB malware scans, aside from just disabling USB access altogether.
5 Answers
Honestly, I would recommend employing something more robust than Malwarebytes. Tools like Bitdefender or Kaspersky are much better catered for enterprise use and can scan incoming USB drives effectively from the start.
If you have to use USB drives, run real-time scanning with your corporate AV whenever they're connected. That's the safest way—just ensure autorun features are disabled too. Create a policy for scanning before users can access the contents on their machines.
Exactly! This approach holds users accountable while keeping the risks minimal.
Absolutely! Combining this with a thorough policy can make a significant difference.
If you do plan on allowing USB drives, tools like CrowdStrike can help with device control. They’ve recently implemented automatic scanning of devices when plugged in, which might be what you need.
That’s smart! Just ensure that other controls are in place. With multiple layers, you can protect the network better.
Most organizations I've been with have outright disabled USB ports on standard user machines. Best to always push people towards secure channels for file sharing, and it eliminates a lot of risks.
I’m with you! We’ve moved everything online and haven’t looked back since. Makes it easier to keep everything secure and monitored.
Disabling USB access altogether could be a solid step. By doing this, you're eliminating risks like malware infections and data leaks. Instead, consider using services like OneDrive or SFTP for file transfers, which are much safer alternatives.
Exactly! With DLP tools, particularly if they’re from Microsoft or similar, you can effectively manage sensitive data without the need for USB drives. It’s about implementing the right policies.
Yeah, this is best practice. I managed environments with stringent compliance and USB access was always controlled tightly.
That's very true! Malwarebytes' free version isn't ideal for a business setting. Having a dedicated solution for this is crucial.