eDiscovery Daily Blog

In The Era of the Data Breach, Pandora’s Box Could be a Flash Drive: eDiscovery Trends

Here’s an interesting pop quiz for you.  Which option would you pick?

You’re waiting for your train. You spot a flash drive on a bench.

Do you:

  1. Pick it up and stick it into a device?
  2. Leave no stone unturned to find the owner, opening text files stored on the drive, clicking on links, and/or sending messages to any email addresses you might find?
  3. Keep your hands off that thing and away from your devices, given that it could be infested with malware?

Believe it or not, in a recent CompTIA study, 17% of people chose options 1 and 2 – hey, free thumb drive! Wonder who lost it…? – and plugged them into their devices.

According to an article in Naked Security, “Curious people can’t resist plugging in random flash drives,” by Lisa Vaas (and by way of Sharon Nelson’s excellent Ride the Lightning blog), CompTIA recently planted 200 unbranded, rigged drives in four US cities – Chicago, Cleveland, San Francisco and Washington, D.C. – leaving them in high-traffic, public locations to find out how many people would do something risky.  Over one in six did.  And, apparently, the younger you are, the more likely you are to do so: 40% of Millennials are likely to pick up a USB stick found in public, compared with 22% of Gen X and 9% of Baby Boomers.

If you think that’s no big deal, in 2011, Sophos analyzed 50 USB keys bought at a major transit authority’s Lost Property auction, finding that 66% of them – 33 in total – were infected.  So, the risk is high.

CompTIA also commissioned a survey of 1200 full-time workers across the US, finding:

  • 94% regularly connect their laptop or mobile devices to public Wi-Fi networks. Of those, 69% handle work-related data while doing so. This isn’t surprising: past studies have found that most people (incorrectly!) think that Wi-Fi is safe;
  • 38% of employees have used their work passwords for personal use;
  • 36% use their work email address for personal accounts;
  • 63% of employees use their work mobile device for personal activities;
  • 41% of employees don’t know what two-factor authentication (2FA) is;
  • 37% of employees only change their work passwords annually or sporadically; and
  • 45% say they don’t receive any form of cybersecurity training at work.

Perhaps more training will improve these numbers, though; you would think that not plugging an unknown flash drive into your device would be common sense.  Apparently, not for everybody.

So, what do you think?  Do you have any of the above habits that leave your data vulnerable?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.