CTPAT Breakdown: 4.10

Item 4.10

If Members allow employees to use personal devices to
conduct company work, all such devices must adhere to
the company’s cybersecurity policies and procedures to
include regular security updates and a method to securely
access the company’s network.

Implementation Guidelines

Personal devices include storage media like CDs, DVDs, and USB flash
drives. Care must be taken if employees are allowed to connect their
personal media to individual systems since these data storage devices
may be infected with malware that could propagate using the company’s
network.

This should also include smart phones, music players, cameras, and any device that includes a storage capability of some sort and can connect to a computer.

This is another management item to create polices and procedures that make more work for IT staff.

Implementation

Personally, I think the use of personal devices in the office should be banned as it opens too many issues. The whole BYOD movement is not conductive to secure environments. At a minimum a personal device needs to be quarantined until it passes inspection by IT staff each time it is to be used on the company’s network.

Data Loss Prevention (DLP) may also come into play here as you would have to track every device that connects to the company network, its status, and its usage. McAfee does office a DLP program.

Bookmark the permalink.

Comments are closed.