USB drives and portable storage devices are convenient for moving files between computers, but they introduce security risks on both ends of the transfer. An unknown USB drive may contain malware that runs automatically when plugged in, and a lost or stolen drive exposes every file on it unless the contents are encrypted. Safe portable-device practices include disabling autorun, encrypting sensitive files before transferring, scanning unfamiliar devices, and using "safely remove" to prevent data corruption.
Encrypt a folder on a USB drive using your operating system's built-in tools (BitLocker on Windows, Disk Utility on Mac). Practice safely ejecting the drive before removing it. Discuss with someone why you should never plug in a USB drive found in a public place.
From your work with backup and data protection, you understand that data is only as safe as its most vulnerable copy. A USB drive sitting in your bag is a copy of your files that has no password protection, no access controls, and no remote-wipe capability — just raw data readable by anyone who finds it. This is the core problem with portable media: the same physical portability that makes it convenient makes it a liability the moment it leaves your possession.
The autorun attack is the most misunderstood USB threat. When you plug in a drive, your OS may automatically execute software on it — a feature designed for convenience (auto-launching media players) that attackers exploit to install malware the moment you connect an unknown drive. Disabling autorun in your OS settings closes this vector entirely, and modern Windows versions have disabled it by default for removable media. But the social-engineering threat remains: a malicious drive left in a parking lot labeled "Salary Data Q4" exploits human curiosity, not software vulnerabilities. The safe rule is absolute — if you did not buy or format the drive yourself, do not plug it in.
Encryption solves the lost-drive problem. When the drive's contents are encrypted, a thief who finds it cannot read any files without the decryption password. Both Windows (BitLocker To Go) and macOS (Disk Utility) offer native encryption for external drives. Encrypting before transferring sensitive files means that the file-in-transit is protected end to end, not just on the original machine. If you cannot encrypt the drive, at minimum encrypt the sensitive files themselves using tools like 7-Zip's built-in AES-256 encryption before copying.
The safely remove procedure is your connection to the file-system-basics you already know: operating systems write data to drives through a cache, and the OS may not have flushed all pending writes to the physical storage when you decide to remove it. Ejecting properly signals the OS to flush the cache, confirm all writes are complete, and release the device. Yanking the drive mid-write can leave the file system in an inconsistent state — not just corrupting the file being written, but potentially corrupting the entire directory structure. With modern SSDs this risk has decreased, but the habit of ejecting properly has zero downside and prevents real data loss.
No topics depend on this one yet.