Network Trace
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

15) Has your organisation disabled auto-run on all of its Microsoft Windows based IT systems?

August 30, 2022
IT Operations

Answer yes if your organisation has disabled auto-run on all of its IT systems. Autorun is a feature on Windows’ operating systems that automatically executes code present on external devices when they are plugged into a PC.

AutoRun and the companion feature AutoPlay are components of the Microsoft Windows operating system that, if enabled, automatically initiate executable software on media (USB sticks and CDs) and mounted drives.

AutoRun functionality has been used as a malware vector for some time, typically via USB devices. An example scenario of where this vector might be used would be when a malicious actor loads malware onto a USB memory stick and leaves the USB media outside of a targeted office. An employee might pick up the USB and plug it into a system (with the intention of finding it out who to return it to) and unknowingly execute the malware stored on the USB.

Enterprise wide disablement of AutoRun functionality mitigates against a significant threat to your business.

This is a control required to maintain a Cyber Essentials certification.

How to implement the control

In order to implement this control you need to disable AutoRun on all of your Windows devices.

If you are a small or medium sized business and you don't centrally manage your devices (through the use of an Active Directory for example) you may have to log into the administrator account of each device and disable AutoRun within the Windows settings.

If you centrally manage your windows devices you can disable AutoRun using a Windows Group Policy.

More information on disabling AutoRun can be found here.

If you would like to contribute to this article or provide feedback, please email Contributors will be recognised on our contributors page.

Pattern Trapezoid Mesh

Defend against supply chain attacks with Defend-As-One.

No organisation is an island.