USB drives and other external devices can pose a serious security risk to your organization. Attackers may use these devices to spread malware or gain access to company systems.
This guide explains the risks and how to safely handle unknown or unauthorized devices.

  • Why This Matters

    Plugging an unknown device into a computer can:
    • Install malware automatically
    • Give attackers access to your system
    • Steal sensitive company data
    • Spread infections across the network
      • These attacks require no technical knowledge from the user—only a single action.

  • What is a Baiting Attack?

    A baiting attack is when an attacker leaves a USB device in a place where someone will find it, such as:
    • Parking lots
    • Building entrances
    • Office common areas
    • Near workstations
      • The device may be labeled something like:
    • “Payroll”
    • “Confidential”
    • “Employee Bonuses”
    • “HR Documents”
      • Curiosity leads someone to plug it in—and the attack begins.

  • Types of Risky Devices

    Be cautious of any unknown or unapproved device, including:
    • USB flash drives
    • External hard drives
    • Phones or tablets
    • Charging cables or adapters
    • Keyboards, mice, or other peripherals
      • Even devices that look normal can be malicious.

Safe Practices

  • 1. Never Plug In Unknown Devices

    If you did not receive the device from a trusted and approved source:
    • Do not plug it into any work computer
    • Do not attempt to “see what’s on it”

  • 2. Use Only Approved Devices

    Only use USB devices that are:
    • Provided by your company
    • Approved by your IT provider

  • 3. Do Not Use Personal Devices on Work Computers

    Avoid connecting:
    • Personal USB drives
    • Personal phones (unless required and approved)
    This reduces the risk of accidental infection.

  • 4. Be Cautious with Found Devices

    If you find a USB drive:
    • Do not plug it in
    • Report it to management or your IT provider
    • Treat it as a potential security threat

  • 5. Avoid Unknown Charging Cables

    Some cables can transfer data as well as power.
    • Only use trusted charging cables
    • Avoid plugging unknown cables into work devices

How to Protect Yourself

  • Do Not Click Suspicious Links

    • Hover over links to preview the destination
    • If unsure, do not click
    • Go directly to the official website instead

  • Verify the Sender

    • Check the full email address carefully
    • Be cautious of slight misspellings or unusual domains
    • When in doubt, contact the person or company directly

  • Avoid Opening Unexpected Attachments

    • Especially files like .zip, .exe, or unknown documents
    • Even trusted senders can be compromised

  • Never Enter Credentials on Untrusted Pages

    • Only log in through known, official websites
    • Do not follow login links from emails unless you are certain they are legitimate

  • Be Cautious with Urgency

    • Take a moment to think before acting
    • Legitimate requests rarely require immediate action without verification

  • What To Do If You Plugged in a Suspicious Device

    If you believe you may have connected an unsafe device:
    • Stop using the computer immediately
    • Do not attempt to investigate further
    • Disconnect from the network if instructed
    • Contact your IT provider right away
    Quick reporting can prevent a wider issue.

  • Quick Checklist

    Before plugging in any device, ask yourself:
    • Do I know where this device came from?
    • Is it approved for work use?
    • Was I expecting to use this device?
    If the answer is “no” or “not sure,” do not use it.

Remember

Not all threats come through email or the internet.
Sometimes, all it takes is plugging in a single device.

GET IN TOUCH...