What's the issue here?

USB data storage devices pose a security threat. By ‘USB data storage device’ we mean any portable devices that can store data or transfer files via a USB port. These devices are commonly called ‘USB sticks’, ‘memory sticks’, ‘flash drives’, ‘pen drives’ or even ‘thumb drives’ - although other types of devices might also be affected (e.g. camera cards). Uncontrolled USB port usage is a vulnerability that was identified in the ICO audit. 

The risks include:

• loss or theft of the USB device itself and therefore any data on it
• infection of other computers and users from use of a contaminated USB device and consequent wider infection of the University network and our infrastructure
• an example of these risks is explained in this article

What are we doing about it?

The University Information Management Executive Committee (UIMEC) has agreed that the use of USB ports for data transfer is no longer an acceptable risk for the University. This decision means that a computer used for University business will have USB ports capable of reading or writing data, blocked. Initially, this will be applied to Managed Windows 10 Desktop computers at the end of this year. Following that change, the University aims to block USB ports on all other Warwick devices that are used to work on sensitive University data. 

What if I use a USB stick to store or backup data?

If you make use of a USB device to save data, you should start to move your data to alternative storage locations – for example, an H: or M: drive, or Microsoft OneDrive (included as part of the University Office365 suite). For staff who need additional storage capacity, requests can be made to the Helpdesk or via self-service requests. Find out about storage here. 

Teaching at Warwick 

Alternative ways to get to your presentation online (ensuring you are logged-in with an appropriate University log-in):

• Keep your presentation on an online teaching platform like Moodle or Teams and use a web browser to navigate to it from a Teaching Room Lectern.
• If your presentation is on a storage platform like the H: or M: drive you can also navigate to it online via a web browser using https://myfiles.warwick.ac.uk.
• Alternatively, you can connect your own laptop to the lectern via an HDMI or other video port. Please ensure your laptop meets the minimum-security specification before doing so.

Presenting at a conference or other external event 

Instead of taking a USB stick with you, please use a file transfer system like Files.Warwick or OneDrive to securely share your presentation to the conference host ahead of the conference. If you must take a laptop with you to the conference, ensure it is encrypted and password locked and meets the University minimum-security specification 

Organising a conference at Warwick 

As the event host, make arrangements with your presenters to receive their presentations ahead of the conference and make them aware that they won’t be able to use USB ports on our campus devices. 

What if I have a device that I think should work, but doesn't? 

When a USB data storage device that is blocked is plugged into a Managed Windows 10 Desktop computer, a pop-up message will advise you that the device is blocked. If you believe this to be an error, you can click the link in the message to request access for that device. The Helpdesk will provide support. 

What about other USB devices? 

Other USB devices, such as headsets or printers, for example, should continue to function normally. 

For further advice or support, please contact the Helpdesk.

 Information and guidance

• Please read and follow our regular communications and key security advice
• Read and share these ten key points to ensure you are working as securely as possible.

Security & Information Management is Everyone's Responsibility