Safeguarding Your Supply Chain with Cybersecurity and CTPAT

Written by Eric Kaczorowski | Nov 18, 2024 3:42:46 PM

As a current or prospective CTPAT member, it's essential to exercise due diligence and maintain multi-layered security throughout your supply chain. However, one frequently overlooked area is the digital realm. Terrorist groups have recognized the opportunities within this new frontier and are exploiting companies globally. Taking proactive steps to safeguard your company's digital infrastructure not only protects your business but also contributes to national security.

An emerging cyber threat, Social Engineering, poses a significant risk that you must guard against. Social Engineering tactics aim to deceive individuals into unwittingly loading malicious code or disclosing sensitive information, such as passwords, via the internet. The most prevalent form of Social Engineering is known as "Phishing." Phishing is the deceptive practice of using emails, websites, or messages that appear to originate from legitimate companies to persuade individuals to divulge personal information, such as passwords and credit card numbers.

Some tips to be aware of in regard to phishing include:

  • Avoid clicking on web links, especially those within suspicious emails or phishing attempts. Instead, manually type the internet address into your browser and save the link in your favorites for future access.
  • Refrain from responding to any texts or emails from organizations that seem suspicious or unexpected. If in doubt, verify the domain name of the email or website. Seek guidance from your supervisor if you have concerns.
  • If you receive an email prompting you to update your password when you did not initiate a password reset request yourself, refrain from clicking on the email.

If you are interested in becoming CTPAT certified, be aware that CTPAT members must have comprehensive written cybersecurity policies to safeguard IT systems, covering all essential cybersecurity criteria. Veroot can help you by providing cybersecurity policies you can implement within your company.

In addition, if you were to become CTPAT certified, the following MUST be adhered to.

  • To protect IT systems, companies should use strong software/hardware defenses, such as firewalls, against malware (viruses, spyware, worms, Trojans) and intrusions. Members should keep security software updated, have policies against social engineering attacks, and establish procedures for handling data breaches or equipment loss, ensuring IT system recovery or data replacement.
  • CTPAT Members with network systems must regularly test their IT infrastructure security and promptly address any vulnerabilities found.
  • There should be a system to detect unauthorized access or policy abuse regarding IT systems/data, including improper internal or external access and data tampering by employees or contractors. Violators must face suitable disciplinary measures.
  • Cybersecurity policies and procedures should be reviewed regularly, updating them as needed based on risk or changing circumstances.
  • User access should align with job roles or assigned duties and be regularly reviewed to ensure access matches job requirements. Access should be revoked upon employee departure.
  • Individuals accessing IT systems must use unique accounts. Access should be secured with strong passwords or passphrases, and user access must be protected. Passwords/passphrases should be changed promptly upon evidence or suspicion of compromise.
  • If employees use personal devices for work, they must comply with company cybersecurity policies, including regular updates and secure network access.
  • All IT equipment containing sensitive import/export data must undergo regular inventories. Upon disposal, it should be properly sanitized or destroyed following NIST Guidelines or industry standards.

Veroot is here to support you not only in acquiring the necessary policies for CTPAT certification but also in bolstering your cybersecurity measures through our dedicated in-house cybersecurity team. We understand the critical importance of both compliance and security in today's business landscape. If enhancing your cybersecurity posture and achieving CTPAT certification align with your goals, we encourage you to get in touch with us without hesitation. We're ready to assist you every step of the way.