Best Practices for Removable Media and Devices
While removable media and devices are extensively used for storing and transporting data, some of the characteristics that make them convenient can also introduce security risks.
Please read and review the different types of removable media and devices listed below as well as the guidelines for managing these important information security risks.
Removable media and devices include:
- Optical Discs (Blu-Ray discs, DVDS, CD-ROMs)
- Memory Cards (Compact Flash card, Secure Digital card, Memory Stick)
- Zip Disks/ Floppy disks
- USB flash drives
- External hard drives (DE, EIDE, SCSSI, and SSD)
- Digital cameras
- Smart phones
- Other external/dockable devices which contain removable media capabilities
Please follow these guidelines for managing removable media and devices:
- Install anti-virus solution(s) on your computer that will actively scan for malware when any type of removable media or device is connected.
- Ensure that all removable media and devices are encrypted. This will render any data useless to unauthorized users should the device be lost or stolen.
- Never connect found media or devices to a PC. Give any unknown storage device to security or IT personnel.
- Always apply new passwords before and after every business/personal trip where company data is being utilized on removable media or device.
- Never disclose the passwords used with removable media or device to anyone.
- Disable the Autorun and Autoplay features for all removable media or devices. These features automatically run when plugged into a USB port or drive.
- Keep your personal and business data separate. Do not store UMass Chan data on your personal device.
- When you have finished transferring sensitive data from removable media or device, be sure to delete it from that device.
Please refer to these following UMass Chan IT Policies:
- Acceptable Use Policy
- E-Mail Policy
- Identity and Access Management Policy
- Encryption Policy
- Data Classification