How are others handling threats like juice-jacking, or staff plugging in random USB drive/disk?

CIOdel · September 13, 2023, 4:31am

How are others handling threats like juice-jacking, or staff plugging in random USB drive/disk? What combination of approaches do you use?

JimmyLee · September 13, 2023, 6:40am

In response to your questions:

USB devices - we have disabled Windows from recognising and using USB devices on our company device fleet. Some thought a bit draconian but overall, we managed the change by leveraging cloud sharing and Teams for internal and external collaboration. Still some risk but on balance, it works
Juice-jacking - use MAM on any devices that connect to company resources and even if the data is exfiltrated off the mobile phone, it’s encrypted. Whilst the data can technically be unencrypted, it’s just another deterrent to bad actors. If you really wanted to, you could just ban mobile devices from accessing company data but that might be counter-productive.

Madness · September 13, 2023, 9:04pm

I second this. Working in a number of banks and telecommunications companies, they have done similar things.

The USB blocking it always meet with some resistance from the business, and sometimes there are exclusions for some users but it’s most effective.

Sajidvb · September 13, 2023, 10:37pm

See some tips above. Organisations I have worked in the past mandated having a travel policy and awareness and USB by default is blocked on Windows machines. A USB blocker helps and extended battery packs - a small investment to consider depending on the no. of users who travel frequency and of travel probably.

InigoMontoya · October 31, 2023, 11:13pm

Is juice jacking a real concern? Are there any known/credible examples of this actually happening?