logo

Removable media: Convenient portable data storage or IT threat?

Removable media such as USB drives remain a critical risk despite their convenience. Compact, high-capacity devices can quickly exfiltrate sensitive data or introduce malware, often bypassing traditional defenses. Recent studies show rising attack rates, with 52% of industrial cyberattacks involving USB devices and more than 12% of reused drives retaining sensitive data. Effective policies and endpoint controls are essential to reduce exposure.

Trusted employees, on-site vendors and welcomed guests pose unique security concerns considering how easy it is to plug a portable storage device into a workstation, server, or laptop that has not been appropriately secured. Compounding this problem are the technological advancements seen in storage in recent years. USB drives are compact, high-speed, and can store multiple gigabytes of information. In the wrong hands and with the right opportunity, your data’s security is at risk, and the threat is growing. For example, Honeywell reported that 52% of industrial cyberattacks now leverage USB media, and studies as recent as 2025 show that over 12% of low-cost reused drives still contain recoverable sensitive data. Consider these trusted individuals bringing infected files into the workplace for legitimate purposes. In these situations, even the best threat detection solutions are circumvented further putting the organization at great risk.
USB drive threats USB drive threats remain a major concern. In past surveys, nearly half of respondents worried that portable storage devices could house crippling malware, while nearly one-third were concerned about confidential information being silently removed from the building. Both scenarios are enough to keep even the most hardened and skilled security professional awake at night. The reasons are obvious: physical access, large storage capacity and ease of use mean that a $10 USB drive could infect your network with malware and exfiltrate a year’s worth of financial data and employee records within minutes — all while appearing completely normal. Even organizations with strong written policies on removable storage use are no less at risk, since a policy is only as effective as its enforcement.

Netwrix recognizes these risks and offers Netwrix Endpoint Protector, a modern solution for securing endpoints against USB and removable media threats. It provides granular control over devices, enforces encryption, and monitors data transfers in real time to prevent infections and data theft. With centralized management and flexible deployment options, Netwrix Endpoint Protector helps organizations enforce security policies effectively — all while supporting compliance requirements.

What measures have you taken recently to protect against physical threats to your network? Does your organization have a written policy on removable media such as iPods, USB drives and removable hard disks? Please share your thoughts and experiences with other such applications and policies below:

Shawn Valle is Chief Information Security Officer at Netwrix, where he oversees the company’s global security strategy and ensures alignment between trust, innovation, and business priorities. With more than two decades of experience in cybersecurity and cloud security, he has built and led programs that protect organizations from evolving threats while enabling secure business growth. Valle is recognized for integrating security into business culture, fostering collaboration across executive teams, and building resilient, high-performing security organizations. His expertise spans cloud security, security operations, vulnerability management, identity programs, and risk management. In addition to his corporate leadership, Valle is an educator, musician, and podcast host, reflecting his passion for mentorship, creativity, and continuous learning.