You are here:
  1. Home
  2. Cyberattack awareness
  3. USB Dropping

USB dropping awareness: train your teams on the risks associated with compromised USB drives.

USB dropping is based on a simple reflex: leaving a USB drive in a public place with the aim of arousing someone's curiosity and getting them to plug it in to "see what's on it."
I use this technique in simulations to assess employees' curiosity and reinforce their security reflexes when faced with unknown media.

Request a demo

HUCENCY HUman CENtered CYbersecurity - USB dropping test

HUCENCY HUman CENtered CYbersecurity - Red chevron

What is USB dropping?

USB dropping involves deliberately placing booby-trapped USB drives in accessible locations to encourage employees to plug them into a work computer.

The objective: to exploit curiosity and routine to introduce malware, bypass network protections, or access the workstation.

These attacks frequently target:

  • employees working on site,
  • common areas (break rooms, parking lots, hallways),
  • teams handling a large number of files,
  • environments where several visitors or service providers circulate.

Why simulate USB dropping?

  • To raise awareness of the risks associated with physical media, which are often underestimated.
  • To limit the introduction of unknown media into the computer network.
  • To reinforce basic reflexes: never plug in a device whose origin is unknown.
  • To assess the vulnerability of teams in shared spaces.
  • To encourage the reporting of suspicious objects.
Request a demo Discover Thomas

HUCENCY HUman CENtered CYbersecure - Cybersecurity awareness

How do I work?

  • 1. I generate a mini simulation program.

    I am providing you with a file to copy onto a USB drive belonging to your organization.

  • 2. You place the key in a realistic location.

    Break room, open space, reception area, parking lot... You choose the context that suits your internal needs.

  • 3. I detect the connection of the key

    When the key is inserted into a computer, the mini-program launches automatically and triggers the simulation.

  • 4. I show immediate awareness

    I explain what would have happened in a real attack: potential risks, possible malicious actions, and clues that should have raised alarm bells.

  • 5. I provide summary feedback.

    I will let you know if the key has been plugged in and what best practices to reinforce with the employees concerned.

Essential best practices

  • Never plug in a USB drive found in a public or internal location.
  • Always report any suspicious media to the IT team.
  • Use only approved and tested materials.
  • Be wary of keys “left behind” in an office or a vehicle.
  • Keep in mind that an attack can occur even without an internet connection.

Increase your teams' vigilance when dealing with unknown media.

Request a demo

HUCENCY HUman CENtered CYbersecurity - Cybersecurity Phishing and behavioral analysis of your employees