Securing Our Data: Restrict Removable Media Devices on High-Priority Information Systems

Overview

Removable media devices—also known as removable storage devices–present a very high risk to sensitive data stored, processed, or transmitted by information systems in your organization. Sedara recommends implementing strict measures to safeguard sensitive information and prevent its accidental or intentional loss, misuse, or disclosure.

Removable Media Device Management

Sedara recommends the implementation of enterprise policies and standards that prohibit the use of removable media devices on information systems in environments where protecting Personally Identifiable Information (PII) and data privacy are of utmost importance. The opportunity for malware infiltration or exfiltration of sensitive data presents an unacceptable risk to the organization.

In high-priority environments where data integrity is of paramount importance, it is crucial to proactively identify and address potential vulnerabilities. Removable media devices, such as USB flash drives, external hard drives, and SD cards, present security threats to your systems and sensitive data. Adopt preventive measures in line with established cybersecurity guidelines to mitigate these risks.

The National Institute of Standards and Technology (NIST) Special Publication 800-53r5 provides a detailed set of controls to safeguard the security and privacy of managed information systems. According to guidance provided on media use (MP-7) and related controls in Section 3.1 of this publication, controlling and monitoring the use of removable media devices is vital. By preventing or restricting the use of such devices, we can significantly reduce the potential for unauthorized data transfers and mitigate the risk of malware infiltration.

Most end users do not need removable media to perform their job duties. The prevalence of cloud computing has especially lessened organizational reliance on removeable media, as most data can be saved to cloud-based secure storage.

1. Develop and enforce a comprehensive policy that strictly prohibits the use of removable media devices on information systems that are prioritized for storing, processing, or transmitting PII.
2. Communicate the restrictions clearly to all staff members, emphasizing the reasons behind the decision and the potential risks associated with the use of removable media devices.
3. Implement technical controls, such as disabling USB ports or implementing device whitelisting, to enforce the policy effectively and prevent unauthorized use of removable media devices.
4. Where use of removable media devices cannot be prohibited, enforce encryption on all removable media devices that are connected to the information systems, prioritizing systems that have privileged access to critical data or applications.
5. Conduct regular training and awareness programs to educate staff members about the risks associated with removable media devices, emphasizing the importance of compliance with the policy and their role in maintaining data privacy.

Preventing the use of removable media devices in your supported environment will significantly reduce risk to the cyber security posture of your organization.

Should you have any questions or require further clarification regarding this recommendation, please do not hesitate to reach out to Sedara. We are available to discuss your requirements and any issues that are unique to your organization.

How Can Sedara Help?

• Security Operations Center (SOC)
  • Vulnerability Scans (Tenable and Nessus): Sedara’s SOC can perform vulnerability scans so you can prioritize and remediate vulnerabilities that pose the most threats to your organization.
  • Endpoint Detection and Response (EDR): Sedara’s SOC can deploy and monitor EDR for your endpoints so we can secure your assets from malicious processes, applications, and connections. Background scans can be initiated, and processes can be whitelisted, blacklisted, or removed from the environment.
  • Security Information and Event Management (SIEM): Gain visibility across your entire network for real-time analysis and alerting of security events. Sedara’s SOC can deploy a SIEM so you can ignore the noise and take immediate action on security incidents.
  • Sedara Insight – Sedara SOC can scan your Active Directory environment for device, user, and group statistics so you can remediate security risks, such as outdated operating systems or users with expired passwords.
• Cybersecurity Development Program (CDP)
  • vCISO: Consultation on selection of a security standards framework, development, and implementation of your Cybersecurity Program, emphasizing defense in depth, and improving the cybersecurity posture of your organization.
  • Gap Assessment: Compares your organizational management of people, process, and technology against an established cybersecurity framework, identifying and prioritizing areas for improvement.
  • Penetration Test: provides a simulated attack against your environment, to identify external vulnerabilities that can be remediated to protect your environment.

Sedara Quadrant

• vCISO (e.g., CDP, GRC, vendor management)
• What is a vCISO – Whiteboard Series

Links to Further Reading

These references provide comprehensive guidelines and controls for information security, including the importance of controlling and monitoring the use of removable media devices, the risks associated with their use, and the recommended measures to mitigate those risks. By following these authoritative sources, you can align your policies with industry best practices and enhance the security of your high-priority environments.

National Institute of Standards and Technology (NIST) Special Publication 800-53r5:

·         https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final

See controls: AC-19, AC-20, MP-7, PL-4, PM-12, SC-34, SC-41