18) Has your organisation disabled auto-run on all of its Microsoft Windows based IT systems?
IT Operations Auto-Run
Written by Haydn Brooks
Created on March 18, 2019
Modified on July 8, 2020

Answer yes if your organisation has disabled auto-run on all of its IT systems. Autorun is a feature on Windows’ operating systems that automatically executes code present on external devices when they are plugged into a PC.

AutoRun and the companion feature AutoPlay are components of the Microsoft Windows operating system that, if enabled, automatically initiate executable software on media (USB sticks and CDs) and mounted drives.

AutoRun functionality has been used as a malware vector for some time, typically via USB devices. An example scenario of where this vector might be used would be when a malicious actor loads malware onto a USB memory stick and leaves the USB media outside of a targeted office. An employee might pick up the USB and plug it into a system (with the intention of finding it out who to return it to) and unknowingly execute the malware stored on the USB.

Enterprise wide disablement of AutoRun functionality mitigates against a significant threat to your business.

This is a control required to maintain a Cyber Essentials certification.

How to implement the control:

In order to implement this control you need to disable AutoRun on all of your Windows devices.

If you are a small or medium sized business and you don’t centrally manage your devices (through the use of an Active Directory for example) you may have to log into the administrator account of each device and disable AutoRun within the Windows settings.

If you centrally manage your windows devices you can disable AutoRun using a Windows Group Policy.

More information on disabling AutoRun can be found here.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.