USB Blocker—How to Protect Data Against Portable Storage Devices

data loss prevention: The best USB blockers

AccessPatrol is a device control software solution that protects sensitive data against theft to portable storage devices.

AccessPatrol keeps data secure by…

  • Preventing users from stealing data or transferring malicious files with easily concealed USB flash drives
  • Maintaining auditable records of file transfers to portable storage devices, and…
  • Triggering real-time alerts when security policies are violated

AccessPatrol’s central console allows you to apply security policies and run reports on your user’s USB activities from the convenience of a web browser. 

The security policies are enforced by a software agent that is installed on your user’s computers. This keeps devices restricted and monitored even when the computers are taken off of the network.

Here’s an overview of AccessPatrol’s key features.

Under Device Permissions you can assign unique device control policies for specific groups of computers or users. 

AccessPatrol controls a variety of peripherals, including…

  • Storage devices such as USB flash drives and external hard drives
  • Wireless Devices such as Bluetooth, Infrared, and WiFi
  • Communication Ports such as Serial and Parallel ports
  • Imaging Devices such as Scanners or Cameras, and…
  • Other Devices such as network share drives, printers, and mobile phones

Under the allowed list you can specify trusted devices that can be used on your computers.

If you need to temporarily lift device restrictions for devices that aren’t on the allowed list, you can use the access code generator.

This allows you to set a time-limited policy exemption for a specific computer. The access code generator does not require internet access to work, making it the ideal solution for travelling users and other special circumstances.

To further protect sensitive data, AccessPatrol allows you to block file transfers based on file names and extensions. This ensures that even allowed devices can’t transfer sensitive data.

AccessPatrol also includes a variety of USB activity reports to help organizations audit data transfers and peripheral device use.

These reports provide insight into…

  • All files that have been copied, created, renamed, or deleted on USB storage devices, and…
  • A timestamped device history for each user, including attempts to use blocked devices

AccessPatrol’s reports can be generated on-demand, on a set schedule, or automatically sent to your inbox to alert you of specific events.

Don’t let a preventable data leak ruin your organization. Take back control over portable storage devices with a free trial of AccessPatrol.

Get started today by visiting CurrentWare.com/Download

If you have any questions during your evaluation our technical support team is available to help you over a phone call, live chat, or email.

Thank you!

Need a USB blocker to protect sensitive files against theft to portable storage devices? In this article you will learn why you need to block USB devices and the USB control methods that are available to you.

Ready to block USB ports right away? Get started immediately with a free trial of AccessPatrol, CurrentWare’s USB blocking software.

Table of Contents



What Are the Risks of Removable Media Devices?

Data Leaks & Insider Data Theft 

“CurrentWare saved us a lot of time and money. If we didn’t have them we would have never known what was going on.” - Vincent Pecoreno Network Administrator, Viking Yachts
Case Study: See How CurrentWare’s USB Blocker Software Stopped a Data Thief in the Act

The theft of sensitive data via USB ports is by far the greatest risk presented by unmanaged USB devices. Companies with databases full of sensitive data such as customer information, intellectual property, and trade secrets are especially vulnerable to insider data theft as this data can be used for personal or professional gain.

A USB blocker is an essential part of any data theft prevention strategy. By not restricting USB drives and other external devices from USB ports a data security incident is as simple as a user sneaking in an unauthorized USB flash drive, plugging it into a USB port, initiating a download of sensitive data from the network to the device, then walking away. 

Data Loss & Integrity Risks

data loss prevention - the top data exfiltration risks

USB devices are portable, which makes them convenient for mobile data storage. It also makes them incredibly easy for a user to misplace. 

If a proper data backup system is not in place for crucial data there is a risk that the most up-to-date version of a file is located on a USB removable storage device. Should one of the removable devices go missing the integrity of the data will be compromised, not to mention the potential data breach if the data wasn’t encrypted.

With a USB blocker you can improve data security by limiting what files are allowed to be transferred to a USB device.

USB Malware & Viruses

Since USB flash drives are capable of storing and transmitting data, they are potential vectors for malware. The infamous Stuxnet computer worm, for example, was able to infect air-gapped computers in an Iranian uranium enrichment plant when infected USB flash drives were plugged its USB port.

Even if USB drives aren’t intentionally infected with malware, personal USB devices are at a greater risk of inadvertent infections. A USB blocker protects against rogue USB devices by blocking USB ports and allowing you to authorize trusted USB drives.

Learn More: How Rogue USB Devices Harm Security

Examples of Removable Devices

A 32 gigabyte USB flash drive sitting on top of a computer keyboard

Removable devices—also known as portable storage devices—consist of a variety of compact devices that can connect to another device to transmit data from one system to another. 

  • USB storage devices (“Jump Drive”, “Data Stick”, “Thumb Drive”, “Flash Drives”, etc)
  • SDHC, SDXC & SD cards
  • External drives and solid-state drives
  • R/W Compact Disk or DVD media
  • Mobile devices such as tablets, smart devices, cameras, and portable media that support a data storage function such as player-type devices with internal flash or hard drive-based memory.
  • eSATA devices
  • Floppy disks

USB Control Methods

To protect sensitive data against removable media devices you need more than a single tool. A layered cybersecurity strategy that combines physical, technical, and administrative controls is the most effective approach to preventing viruses and data loss.

This section will overview a few USB control methods that you can use to mitigate this threat.

USB Blocker Software

The best USB blocker software (device control software) are centrally-managed solutions that allow you to selectively enable and disable what types of removable media devices can be used and which endpoints/users are permitted to use them.

For example, you can use USB blocker software to for blocking USB ports for any user or computer with access to sensitive data while leaving the USB blocker turned off for users that pose less risk. 

You can also enforce the exclusive use of authorized USB devices by blocking USB ports to peripheral devices that have not been added to an allow list.

CurrentWare’s USB blocker software AccessPatrol allows you to block or unblock USB ports in just a few clicks, making USB port security simply and scalable.

AccessPatrol includes key features to prevent data leakage to portable drives:

  • Only allow trusted devices
  • Get alerts of potentially malicious activity such as attempts to use unauthorized removable storage devices
  • Integration with Active Directory
  • Control other devices such as Bluetooth, Firewire, SD/MM cards, and scanners.

Learn More: Which devices can I control with AccessPatrol?

Pros of a USB Blocker SoftwareCons of a USB Blocker Software
Scalable USB security. Solutions that allow for remote central policy management make managing the USB security policies of an entire business scalable. The solution is not free. While there may be some freeware solutions with limited functionality available, the best features for business use are found in paid USB port blocker software solutions.
Greater visibility. The best USB control software solutions will include a feature to monitor USB activities.

Timestamped reports of what devices are being used, which computer it was used on, and which user was logged in are incredibly valuable when investigating suspected data leaks. 
Requires a software agent. To control all the USB ports with USB port blocker software you need to install a software client on each machine you’d like to control. This limits your ability to control USB ports on equipment that is owned by the user. 
Granular control. Rather than completely blocking a USB port you can selectively choose what devices are allowed and who is allowed to use them.

The best USB control software will allow you to selectively assign read-only, read/write, and no access to each device type. 

Ready to start blocking USB devices? Get started today with a free trial of AccessPatrol, CurrentWare’s USB control software.

Removable Media Policy

removable media policy template mockup

Removable Media
Policy Template

  • Set data security standards for portable storage
  • Define the acceptable use of removable media
  • Inform your users about their security responsibilities

Get started today—Download the FREE template and customize it to fit the needs of your organization.

A removable media policy is a type of information security policy that dictates the acceptable use of portable storage devices such as USB flash drives, external hard drives, and tape drives. 

These policies serve as a critical administrative security control for managing the risks of removable media. They establish the security responsibilities of users, explain the importance of following security standards, and provide guidelines for protecting sensitive data when using removable media.

A USB blocker works in tandem with these administrative security controls to ensure your users avoid high-risk behavior such as using personal USB devices or stealing data for personal or professional gain.

Block USB Ports With Epoxy, Super Glue, etc

As extreme as this USB port blocker is, it’s a surprisingly commonly suggested tool. After all, it does prevent the use of USB ports on a computer; albeit permanently.

If you desperately need a USB blocker while on a shoestring budget, it technically get the job done. As they say, “sometimes it’s best to just take control of the physical layer and call it a day.”

While using epoxy as a literal USB port blocker will certainly prevent the use of removable storage devices, there are several downsides…

Pros of this USB BlockerCons of this USB Blocker
It’s a permanent USB blocker. The ports are truly blocked, ensuring that no devices can be used. You can’t unblock USB ports. With no option to block and unblock USB access, the computer is permanently unable to accept any devices for the rest of its lifespan.
It’s cheap and easy! No need to purchase USB blocking software or spend time in the BIOS on each computer. Applying epoxy is as simple as pressing a plunger.It harms employee productivity. Modern day keyboards, mice, and other peripherals need a USB port to function. A permanent USB blocker prevents the use of legitimate devices.
It’s unnecessarily destructive. The device immediately loses any value for resale/refurbishment. Reliably getting epoxy out of the ports simply isn’t worth the risk and labour.
It’s not scalable. While this might not take too much time for a few devices, it quickly becomes too much of a hassle for an entire fleet. 
It lacks flexibility. Physical USB blocking can only block or unblock the USB port. It lacks granular device control such as only blocking unauthorized storage devices.

USB Blocker Hardware for USB Ports

Rogue USB Devices Harm Endpoint Security

Sticking with the physical layer, you could try a USB port blocker. A hardware USB blocker works similarly to the epoxy method, but using a reversible lock-and-key system. 

While it will require a greater initial investment than epoxy, the ability to protect your ports from permanent damage is more than worth it. Since the USB ports are completely blocked, physical port locking with USB blocker hardware offers protection against all USB devices.

Pros of this USB BlockerCons of this USB Blocker
It’s a functional USB blocker. The USB ports are truly blocked, ensuring that no devices can be used. It’s not scalable. While this might not take too much time for a few computers, it quickly becomes too much of a hassle for an entire fleet. 

With a dedicated USB blocker software you can block or unblock unlimited USB ports in just a few clicks.
It’s cheap and easy! No need to purchase USB blocking software or spend time in the BIOS on each computer. It’s inconvenient. Any time a USB device needs to be allowed an authorized user needs to physically come up to the computer and remove the USB lock to unblock the port.  
Layered security. A physical USB blocker serves as an added layer of device control. When combined with USB blocker software a company will have full device control.It lacks flexibility. Physical USB blocking can only block or unblock the USB port. It lacks granular device control such as only blocking unauthorized USB storage devices.
Platform agnostic. A physical USB lock works regardless of the operating system of the computer, though you’ll need to have unique USB blockers for each USB connection type.

USB Security Hardware

USB converter

With so many security risks it can be risky to support allowing even trusted users to use their USB ports. USB security hardware such as a USB data blocker (“USB condom”) can allow charging via USB without enabling data transfer.

A USB firewall such as the USG can further protect against rogue USB devices by acting as an interface between a USB device and the user’s computer, limiting the USB device’s capabilities to only a few safe commands.

Pros of this USB BlockerCons of this USB Blocker
Layered security. USB security hardware serves as an added layer of device control. When combined with USB blocker software a company will have full device control.It’s not reliable. These devices are great for providing another layer of security, but it’s not a reliable standalone tool. All it would take is a user neglecting to use the provided protection to introduce malware.
It’s great for third-party USB drives. For edge-cases where unauthorized devices may need to interface with the network, a USB firewall offers excellent protection against malware.It’s inconvenient. With this tool the user needs to remember to bring a physical USB block with them. Should they lose the tool they’ll simply be tempted to use their USB port anyway. 

Disable USB Ports on Each Computer

USB device trying to connect to a USB port. "Forbidden" symbol overlayed.

If you do not need a USB blocker solution that allows you to easily unblock USB ports as-needed, you could completely disable USB ports. On Windows devices this can be accomplished using the BIOS, by modifying Registry keys, disabling USB root hubs in Device Manager, or physically removing the USB ports altogether. 

While this may be feasible in environments that genuinely have no use for USB ports, when you block USB ports in this way you also prevent the use of modern day keyboards and mice, among other USB devices that are essential for business use. 

If you choose to leave any USB ports enabled it completely defeats the purpose of using a USB blocker in the first place. A user only needs one port to use unauthorized hardware to transfer files. With a USB hub they can easily connect multiple devices to any enabled ports. 

Pros of this USB BlockerCons of this USB Blocker
It’s inexpensive. There’s no need to purchase software, all you need is time. It harms employee productivity. Modern day keyboards, mice, and other peripherals need a USB port to function. Completely disabling the ports prevents the use of legitimate devices.
It lacks flexibility. Fully disabling ports blocks access to all devices, including those related to the business’ legitimate needs.
No visibility. If any ports are left enabled there is no way to monitor their use to ensure that unauthorized devices aren’t being used.

Looking for even more protection? Your cybersecurity risk management program needs to extend far beyond a USB block. Download the full CurrentWare Suite for enhanced control and visibility over your endpoints: Block dangerous websites, monitor employee computer activity, and restrict peripheral devices—all from the same central console. 

Prevent Data Leaks Today—Get Started With AccessPatrol USB Blocker Software

Hey everyone, this is Dale here. I am the Digital Marketing Manager for CurrentWare.

In today’s video, I’d like to show off the new USB activity dashboards introduced to AccessPatrol in version 7.0.

These dashboards provide a convenient overview of the peripheral device usage of your entire workforce as well as specific groups or users—all from the convenience of a web browser.

They work in tandem with AccessPatrol’s device control features and USB activity reports to protect sensitive data against the security risks of portable storage devices.

Today’s video is just a sneak peek of what AccessPatrol is capable of; as time goes on you can expect to see further enhancements and data points added to these dashboards.

At this time, AccessPatrol can track activities from the following peripherals:

  1. Portable storage devices such as USB flash drives, external hard drives, optical discs, tape drives, and SD cards
  2. and Mobile devices including smartphones, PDAs, and tablets

This device usage data is used to populate various graphs across AccessPatrol’s dashboards. You can further refine how granular this data is by limiting the time frame, selecting only specific groups, and even investigating individual users.

Having these metrics available at a glance makes detecting potential insider threats far more efficient as your organization scales. 

Any groups or users that need to be reviewed further can be investigated using the more granular dashboards and AccessPatrol’s device activity reports.

For a more proactive approach to insider threat management you can set up targeted alerts that will notify designated staff members when these high-risk activities occur. 

For the most up-to-date information on AccessPatrol’s activity tracking and data loss prevention capabilities, visit our knowledge base at CurrentWare.com/Support or visit the AccessPatrol product page at CurrentWare.com/AccessPatrol

 In the overview dashboard you can review the following metrics:

  • File Operations that happened over the selected time period, including the number of files that have been copied/created, the number of files that have been deleted, and the number of files that have been renamed/saved as.
  • Overall Device Activities, with a breakdown of how many of the peripherals were authorized and how many were blocked from use.
  • The Top 5 File Types graph shows the most common file types that are copied/created or deleted to and from portable storage devices
  • The Top 5 Device Types graph shows the most common classes of peripheral devices that are blocked and allowed
  • The Top 5 Files Operations graph shows which groups or users have the greatest number of files that have been Copied/Created and Deleted to and from portable storage devices
  • The Top 5 Devices Activities graph shows which groups or users have the greatest number of Blocked and Allowed devices.
  • And finally, The Activity Log provides access to the raw data, with controls to show and hide certain columns, filter and sort data, conduct searches, and export the data to an Excel spreadsheet or PDF. Each dashboard has their own Activity Log with columns that are relevant to that specific dashboard.

Moving on to the Files Dashboard you will see…

  • A timeline of file operations that shows the relationship between the various operations over the course of the selected time period. This can be used to search for patterns in anomalous device usage, such as peaks in file transfers outside of regular operating hours.
  • You will also see graphs with the Top File Types Copied/Created to internal hard drives and external devices
  • Below that, we have graphs that show the users or groups that have Copied/Created or Deleted the most files
  • And, just like the overview dashboard, there is an Activity Log with the raw data.

Finally, we have the Devices Dashboard

In this dashboard, we have…

  • A device activities graph that shows a timeline with the number of allowed and blocked devices each day. This can be further refined to show an hourly breakdown of a specific day so you can find out what time your users were attempting to use blocked devices. 
  • Next, we have graphs with the users or groups that have the most allowed and blocked devices activity over the selected time period. 
  • Scrolling down to the Activity Log, we can use the sorting controls to take a closer look at the users that have been attempting to use unauthorized peripherals.

As you can see, we have specific users that are repeatedly trying to use devices that have not been approved for use by the organization.

While this could just be an accidental oversight on the user’s part, there’s a risk that it’s something much more serious. 

For example, what if this is actually a disgruntled employee trying to steal trade secrets or sensitive customer data so they can bring it to a competitor, or worse, sell it to cybercriminals on the dark web.

Between the costs associated with a damaged reputation, fines, loss of competitive advantage, and remediation, a data breach like this could completely ruin a company.

Before we confront this employee or send them for retraining, let’s investigate this incident further so we can make an informed decision.

Clicking on this user, we’ll be taken to a dashboard that focuses exclusively on their activity. 

Looking at the Devices graph we can see that they have made multiple attempts to use blocked devices. 

Scrolling down, we can see that they’ve been trying to use unauthorized portable storage devices.

Since AccessPatrol is currently blocking any devices that are not explicitly allowed, I know that the only way sensitive data is leaving through a USB drive is if it’s a device that we’ve allowed before. So, let’s take a closer look at how they’ve been using their approved devices.

As you can see here, the types of files that they are transferring are more than capable of containing sensitive data; let’s take a look at the file names for more details.

With the Activity Log we can use the filters, sorting, and column options to isolate our view to the entries we’re the most interested in. 

Once we find something that looks off, we have more than enough information to confront this employee and take any necessary corrective actions.

Ready to protect your sensitive data against theft to USB portable storage devices? Block and monitor peripheral device usage today with a free trial of AccessPatrol, CurrentWare’s USB control software.

Simply visit CurrentWare.com/Download to get started instantly, or get in touch with us at CurrentWare.com/Contact to book a demo with one of our team members. See you next time!

Ready to take control over removable media devices? Get started today with a free trial of AccessPatrol, CurrentWare’s USB blocking software. Use AccessPatrol on a Windows PC or in a Citrix VDI deployment for free to test its USB blocking capabilities in your environment.

  • Block USB: Prevent the use of unauthorized USB devices on your Windows computers. The restrictions remain enforced on the device even without an internet connection
  • Granular Controls: Selectively block and unblock specific peripherals such as flash drives, external hard drives, SD/MM cards, Bluetooth, and WiFi. Assign unique security policies to each group of endpoints and users.
  • Monitor USB Activity: Get reports and alerts of removable storage device use. Find out what devices are being used, get auditable reports of file activity to portable storage, and get alerted when unauthorized devices are used.
  • Limit Data Transfer: Prevent authorized devices from stealing sensitive data by selectively restricting file transfers based on file name and extension.
  • Central Console: Access the password-protected web console from the convenience of a web browser to manage the solution and configure policies for your entire workforce.
Dale Strickland
Dale Strickland
Dale Strickland is the Digital Marketing Manager for CurrentWare, a global provider of user activity monitoring, web filtering, and device control software. Dale’s diverse multimedia background allows him the opportunity to produce a variety of content for CurrentWare including blogs, infographics, videos, eBooks, and social media shareables.
Get Your Free Removable Media Policy Template

Get Your Free Removable Media Policy Template

Download this FREE removable media policy template to help protect the sensitive data in your custody.

👉 Set data security standards for portable storage

👉 Define the acceptable use of removable media

👉 Inform your users about their security responsibilities

Here's Your Free Template!

Pin It on Pinterest