Blocking USB Drives For Work From Home Employees

With so many people working from home, the perimeter of corporate data safety has suddenly grown very large, in many cases encompassing employee home computers. 


Data loss prevention (DLP) was challenging enough already, but now it takes on even more importance.



One way that data can escape the corporate network is by getting copied to USB thumb drives.  Some companies take the approach of gluing or epoxying the USB ports closed.  Although effective, this prevents any future legitimate use of those ports (such as a camera for video conferencing).


PA File Sight has a better solution: the File Sight Endpoint.   The Endpoint is a small agent that gets installed on client computers.   It’s main purpose is to work with the server-side installation of PA File Sight to detect and report on file copying activities.   However, another powerful use is to block USB drives.


With the Endpoint running, every time an external volume is attached to the computer (including inserting CD/DVDs), the Volume ID is checked against a configurable White List.   If the volume is listed on the White List, nothing is done.  However, if the new volume is not listed, the volume is immediately ejected.  This prevents USB drives from being attached without needing to physically destroy the USB port.


There are safety features along with the Endpoint.  It can run as Local System making it very difficult for end-users to stop the service.  In addition, alerts can be fired if an Endpoint isn’t connected, with the added check to make sure the computer is still pingable (so you don’t get alerts if the computer is turned off for the evening).




, , , ,