Back
Products new

Products

Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Cyber Security eLearning

Engage And Educate Employees To Be The First Line Of Defence

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Content Library

Explore Our Award-Winning Elearning Library, Tailored For Every Department

Incident Management

Take Control Of Internal Incidents And Remediate What Matters

Back
Industry

Industries

Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 


Financial Services

Creating A First Line Of Defence For Financial Service Organisations

Governments

A Go-To Security Awareness Solution For Governments

Enterprises

A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives

Back
Resources

Resources

From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

Back
About

About

With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes

MetaBlog

Stay informed about cyber awareness training topics and mitigate risk in your organisation.

How to Manage the Risks of Removable Media

header r

about the author

Removable media has always proved a convenient way for employees to access personal and business data on the go.

Portable devices such as USB sticks, smartphones, SD cards and external hard drives have enabled employees to copy and transfer data, take it off site and conduct their day to day business outside the secure perimeters of the office.

However, as the use of these devices has increased, so has the associated risks. The very properties that make these devices portable and enable them to connect to various networks, also make them vulnerable to network security breaches.

The failure to effectively manage the import and export of data could expose an organisation to the following risks:

  • Loss of Information – Removable media devices can easily be lost resulting in the compromise of large volumes of sensitive information.
  • Introduction of malware – The uncontrolled use of removable media can increase the risk of malware being transferred to critical business systems.
  • Reputational damage – The loss of sensitive data can erode customer confidence in the organisation, resulting in significant reputational damage.
  • Financial loss – If sensitive information is lost or compromised the organisation could be subjected to financial penalties.
how to manage USB sticks

The security risks posed by the use of removable devices are just too great for organisations to ignore. In recent months, leading computing company IBM banned all its staff from using removable storage devices due to the possible financial and reputational damage that could be caused from misplaced, lost or misused removable portable storage devices.

A seemingly harmless portable media device has the potential to trigger a massive cyber-attack, even when the computer system targeted is isolated and protected from the outside.

There are numerous ways for attackers to use removable media devices to infect computer systems and one of the most common methods used is through an infected USB stick. Criminals often use a popular form of social engineering, known as ‘Baiting’, to launch an attack.

Baiting, as the name implies involves luring someone into a trap to steal their personal information or infect their computer with malware. The attacker will often leave a malware infected device, such as a USB stick, in a busy place where someone can find it.

The criminal will then rely on human curiosity to complete the scam and as soon as the device is plugged into a system, it will infect an entire network with malware.

This is exactly what happened in one of the first ever nation state cyber-attacks in 2010.  A computer worm known as Stuxnet was placed on an infected USB stick and used to gain access to Iranian computer systems.

Once the worm had infected a computer, it was able to replicate itself to any flash drives connected to the PC, and then spread from those drives to other computers.

The worm was introduced to solely target computers in an Iranian uranium enrichment facility, however due its rapid ability to propagate, it ended up infecting computers in 155 countries worldwide.

The consequences of using an infected removable media device can have massive ramifications for an organisation. Human error remains the number one cause of a cyber-attack, so it’s vital that staff follow the correct procedures when handling removable media devices outside of the office.

How to handle removable media

To ensure that company data is safe and secure, employees should follow the below guidelines when handling removable media:

Guidelines of using removable media
  • Limit the use of all removable media devices except when specifically authorised.
  • Apply password protection. To safeguard sensitive information and restrict access, all removable media should be protected with strong passwords.
  • Encrypt information held on removable media. If the use of removable media is required, the information on all devices should be encrypted. The level of encryption will depend on the sensitivity of the information stored on the device.
  • Never copy files to removable media unless it is necessary or has been authorised.
  • Scan all media for malware. Removable media should be thoroughly scanned for malware before it is brought in to use or received from any other organisation.
  • Never leave removable media lying around. Lock it securely away when not in use.
  • Disable Bluetooth, Wi-Fi, and other services when you’re not using them.
  • Never attempt to access files from any removable media that you may have found. It may contain a virus that will infect computer systems with malware.
  • When using Bluetooth, set it to the “non-discoverable” mode to hide the device from unauthenticated devices.
  • Report missing devices immediately, so they can be cleared of all data.
  • Use security software and keep all software up to date.

The MetaCompliance product range has been created to meet the needs of businesses operating in a constantly evolving cyber security landscape. Contact us for further information on how we can help improve cyber security awareness within your organisation.

you might enjoy reading these