Cyber security risks from USB drives
USB drives are useful for sharing files, but they can also create serious security risks. Recently, there was an incident that involved an infected USB drive being connected to a staff laptop resulting in the device being compromised and unsafe to use.
This incident shows how important it is to avoid USB drives from unknown or untrusted sources.
Staff and students are encouraged to follow the guidance set out below to reduce the cyber security risks from USB drives.
Why USB drives can be dangerous
A USB drive may appear harmless, but connecting an unknown device can put your computer at risk within seconds. Malicious software can run automatically, bypass some protections, and access your files without warning.
USB drives are common in work, research, and at conferences. Free promotional USB sticks are especially risky because you cannot verify where they came from or what has been installed on them.
How to reduce your risk
Only use USB drives from trusted and approved sources. Avoid connecting any USB device that you find, even if it appears genuine or lost.
Keep as little information as possible on USB drives, particularly when travelling. If a USB drive is lost, stolen, or compromised, minimal data reduces the impact and protects sensitive personal or University information.
Where possible, use OneDrive or another secure University-approved service instead of a USB drive. If you must use one, choose an IT Services‑approved encrypted USB device.
Keep your devices updated with the latest security and antivirus tools. Be cautious when using USB drives on shared or public computers, such as those used for conference presentations. Always lock your computer when you leave your desk to prevent others from inserting unknown devices.
If you find a USB drive on campus, do not plug it in. Hand it in to Lost Property.
If you think your laptop is infected
Contact St Andrews CSIRT at [email protected].