How to track files copied to USB drives with DataSecurity Plus.

Start your free trial

It's imperative to continuously monitor files copied to USB drives to detect and prevent unwarranted data transfers, which can result in data loss or misuse. Follow the steps below to configure DataSecurity Plus' device control functionality to closely audit and track down any files copied to USB drives.

Steps to track file activities on USB drives:

  1. Download and install DataSecurity Plus.
  2. Open the DataSecurity Plus console.
  3. Navigate to the Endpoints tab. Go to Configuration → Sources → Devices.
  4. In the Configured Workstation(s) page, select Add Workstation(s) in the top-right corner.
  1. Select your Domain.
  2. Select the + symbol next to the Select Workstation(s) text box, and add the workstations that you want to audit and secure.
  3. Choose Removable Device Auditing.
  4. Select Install Agent and Finish.
  1. Navigate to Reports. Under Source Based Reports, choose Removable Storage File Activity Report.
  2. Use the Period drop-down to select the desired time range over which file activities on removable storage devices such as USBs are to be monitored.
  3. The report displays all file activities made on removable storage media.

Steps to track only files copied to USB drives:

  1. Go to Endpoint → Configuration → Settings → Audit Configuration.
  2. Choose Removable Storage from the available audit profiles.
  3. Select Edit for the Removable Device Auditing audit profile.
  4. The audit profile is predefined with an appropriate Name, Source, and Description.
  5. Navigate to the Criteria section, and add these filters under the Include tab:
    • Actions: Files pasted.
    • Users: All.
  6. Use the Exclude option to exempt trusted users, groups, or nonessential files from the File copied report.

Steps to block USB drives and trigger instant alerts in response to sensitive files copied to USB devices:

  1. In the DataSecurity Plus console, navigate to the Endpoints tab.
  2. Go to Configuration → Settings → Alert Configuration.
  3. Choose Removable Storage from the available Alert Profiles.
  4. Select the Edit option for the Data Leak Prevention alert profile.
  5. The alert profile is predefined with an appropriate Name, Source, Description, and Severity.
  6. Navigate to the criteria section, and add these filters under the Include tab:
    • Actions: Files pasted.
    • Users: All.
    • File classification*: Restricted.
    Note: Use other criteria such as File Type, File Size, File Name, and more to selectively monitor critical data being copied.
  7. Use the Exclude option to exempt trusted users, groups, or nonessential files from the File copied report.
  1. Under the Threshold tab: 
    • Check Enable.
    • Specify the desired threshold value (e.g., configuring "100 events in 1 minute by any source" will raise an alert when 100 or more files are copied/pasted in under a minute.)
    Note: The threshold limit can be customized to your organization's needs.
  1. Under the Response tab:
    • Select Email, and check Enable email notification.
      • Specify one or more email addresses you would like to send alerts to.
      • Set the email Priority to High.
    • Add an appropriate Subject and Message for your email.
    • Select Block USB and check Enable Block USB.
  2. Click Save.

You have now successfully configured DataSecurity Plus to audit, alert, and respond to sensitive files being copied.

Tip: You have now successfully configured DataSecurity Plus to audit, alert, and respond to sensitive files being copied.

*File classification: Files need to be classified manually based on their sensitivity as Public, Internal, Sensitive, or Restricted.

Tip: To automatically classify files based on the sensitivity of their content, try DataSecurity Plus' Data Risk Assessment module.
Email Download Link