Guide to using USBs and removable media securely

USB sticks and other removable media (CD ROMs, DVDs etc) let us transfer and store large volumes of information. But if not used properly, they could accidentally import malicious content which could damage Co-op systems and compromise confidential information.

If you need to use a USB drive for work, you must use a Co-op-issued encrypted USB drive (you can order one from Heat if you need to so ask your team co-ordinator or manager if you don’t have access).

There are a few things to remember when you use USBs for work:

  • Make sure you’ve changed the password from the default one into a strong, complex password that you’ll remember (and don’t write it down)
  • If you need to send a USB stick (or any physical media) with Co-op information on it, then make sure it is transported securely – using a secure, tracked and signed for delivery service
  • If you’re carrying it with you, make sure you know where it is at all times and keep it out of public view
  • If you need to dispose of information on a USB or other physical media, contact local IT support to arrange secure disposal
  • Don’t plug any USBs you get from third parties into your computer
  • If you need to store information on storage devices long-term, contact askinformationsecurity@coop.co.uk for advice

Other removable media

  • If you use other storage devices for work, like CD ROMs or DVDs you must encrypt ‘confidential’ or ‘highly confidential’ Co-op information before it’s stored, for example, by password-protecting Microsoft Office documents.
  • For more information, see our guide – How to Encrypt
  • Destroy CDs/DVDs you don’t need any more by using a cross-cut shredder. Where bulk destruction is needed and a cross-cut shredder isn’t available, contact local IT Support.

Remember – If you lose a USB stick, or any storage device with Co-op information on it, you must contact the Information Incident Helpline straight away on 0844 262 9990.

If you don’t think you can comply with any of the requirements here, you need to submit an exception for review. To do this please get in touch at: askinformationsecurity@coop.co.uk