Admitting that a virus had struck DoD networks, the government began confiscating government-issued USB drives and sending unequivocal orders that use of personal devices was absolutely prohibited.
The Defense Department has been reticent about releasing too many details regarding the situation, which is to be expected, but begs the question of how effective its anti-malware and device monitoring systems were in the first place.
That said, the salient point here, and the one most crucial to small and midsized businesses is the establishment of a policy regarding use of personal devices.
Even with effective and up-to-date anti-malware and device monitoring tools in place, you need to think hard about just what your employees will -- and more importantly will not -- be allowed to connect to your networks.
Without such hard, careful thought, translated into a firm and firmly enforced policy, you run the risk of being put in the same sort of reactive that the DoD is in, which is not where you want to be.