In an effort to help businesses better safeguard themselves from cybersecurity threats, the state recently released a plan aimed at strengthening cyber defenses.
The Connecticut Cybersecurity Strategy outlines seven key principles, including leadership, literacy, preparation, response, recovery, communication and verification, that can be applied to every person, organization, government agency, and business in Connecticut.
"Regardless of industry, protection from these attacks should be a top priority," said CBIA president Joe Brennan.
"Too many companies underestimate this threat or simply don't know how to protect themselves until it's too late.
"As the report says, education and training are vital to preventing attacks, and this guide provides necessary first steps for businesses to start protecting themselves."
The document includes a detailed look at different sectors—including business—and outlines risks for each.
Within the business sector, four key industries are specifically identified as susceptible to cyber threats: critical infrastructure, financial services, insurance, and defense.
The biggest theme throughout the strategic plan is the need for collaboration and preparation.
"We must collaborate to raise awareness of the dangers, strengthen our defenses and prepare to respond and recover," the report says. "We are connected in this effort."
Arthur House, the state's first chief cybersecurity risk officer, said Connecticut wants to be a leader in managing cyberthreats.
"Federal authorities pound that point home. They constantly tell us, 'We cannot do it all.' Security has to start at the local level."
The state plans to release an action plan containing concrete steps to address the issues raised in the report.
The Department of Emergency Services and Public Protection—through the Connecticut State Police, the Connecticut Intelligence Center, and the Division of Emergency Management and Homeland Security—will also have a significant role in the plan’s implementation.
- Patch devices regularly: Make sure computers, mobile device apps, and anything else connected to the internet are running the most up-to-date software/firmware security patches.
- Use updated antivirus software: Installing antivirus software on devices is simply not enough. Ensure that the software regularly scans the devices and receives periodic updates for ongoing protection.
- Back up important data: Cyber attacks like ransomware may even infect up-to-date systems, so it is essential to back up data on a regular basis to a separate device (or to the cloud) to ensure continuous access to critical data.
- Stay alert and informed: The most common method for malware dissemination is phishing, in which criminals email people with the intent of tricking them into either opening an infected attachment or clicking on a link to a malicious website. If a suspicious email is received, delete it. Visit reputable cybersecurity websites to remain current on trends and alerts.
- Notify IT provider: If any abnormal computer behavior is noticed, if a device becomes infected with ransomware, or if an individual calls offering to provide unsolicited technical assistance, call a local law enforcement agency. Be sure to dial the non-emergency number for the local police department and provide them with as many details as possible regarding the incident.