Monitor all of your accounts for any suspicious activity on a regular basis. If you see something unfamiliar, it could be a sign that you’ve been compromised. Keeping receipts and tracking your account activity will help you to see a charge that is out of the ordinary, and will help you assist the company in tracking that suspicious activity; plan to partner with that company in the investigation by providing them as much information as possible. Quick reactions can save time, money, and effort for everyone involved.

According to Reuters, late on Friday, the Department of Homeland Security (“DHS”) and the FBI issued a warning in a report, sent to firms at risk of an attack, that critical infrastructure industries may have been targeted in cyber-attacks as far back as May. The identified industries include nuclear, energy, aviation, water, critical manufacturing industries and government entities. The report indicates that hackers successfully compromised data at some of these targets. Further, the government believes that the attacks are ongoing.

Be sure to back up your data regularly, and make sure your anti-virus software is always up to date. Cloud technology has made it very easy to set an automatic backup for your system, so check with your carrier and/or company to make sure that your information is backed up on a regular basis. For those who are not backing up to the cloud, regular backups onto an external hard drive are recommended to keep important documents from being lost forever.

Your anti-virus software should prompt you to install new updates as they become available. The internet moves quickly and is constantly evolving. Good anti-virus software should detect newly developed viruses and provide updates to combat them. Check the settings on your software to ensure that your anti-virus software is providing optimal protection.

Limit use of free public WiFi. Sensitive browsing, such as banking or shopping, should only be done on a device that belongs to you, on a network that you trust, and one that has security features. Avoid logging in to your email and social media on unsecured networks, as those passwords can be accessed easily by hackers looking for that information. If you are using a friend’s phone, a public computer, or free public WiFi, your data could be copied or stolen while transmitting information on an unsecured network.

Take caution when clicking on attachments or links in every email. Phishing scams are a regular occurrence and can be crippling to businesses as well as individuals. If an email is unexpected or suspicious for any reason, do not click the link or open the attachment. Double check the URL of the website link; hackers will often take advantage of misspellings to direct you to a harmful domain. There are indicators to quickly spot these bad emails such as spelling errors, suspicious links, and incorrect email addresses from senders. If you encounter these bad emails, report them immediately according to your company’s security procedures.

Practicing good password management can help secure your information. Password requirements have evolved over time with routine password changes and increasingly complicated rules to achieve “strong password” status. In June 2017, the National Institute of Standards and Technology (NIST) released new guidelines signaling a deviation in the approach to password management. Digital Identity Guidelines, Special Publication 800-63-3, eliminates the periodic password changes and complex configurations of numbers, letters, and characters. The guidelines call for passwords to be a “memorized secret”, which would be a sentence with a minimum of 64 characters describing a memory that only the user would know. This change will make passwords easier for legitimate users to remember and much harder for hackers to re-create.


It is fitting that on the first day of Cybersecurity Awareness Month, new legislation takes effect regarding one of the most destructive types of malware.  In response to the rapidly increasing rate of computer extortion cases, the Connecticut Legislature has joined several states in creating a statute specifically targeting ransomware. Ransomware is a type of malicious software that prevents access to information in a computer system until a ransom is paid.

“An Act Concerning Computer Extortion by Use of Ransomware” goes into effect on October 1, 2017.  Under the Act, the use of ransomware is a class E felony, which provides for up to three years of imprisonment, a fine of $3,500, or both. Previously, computer extortion was prosecuted under established statutes regarding computer crimes, computer-related offenses, and extortion, as well as the penalties associated with those crimes.

Just last week, a Verizon Communications vendor misconfigured a cloud server, exposing the information of 6 million Verizon customers online. When a cyber incident or data breach occurs on your vendor’s watch, regardless of fault, you own the resulting legal obligations and costs. The best tools for managing the risk of using vendors are due diligence and adequate contract provisions.

Data breaches have become commonplace in every industry. In health care, however, it costs much more to respond to a data breach than in all other industries in this country, according to the results of a recent IBM-sponsored study.1  The report estimates that a health care data breach costs $380 per record on average versus $225 per record in other industries. While the increased cost of a health care record is unavoidable due to the sensitive nature of the information and the fact that it is more valuable to criminals on the dark web, health care providers can take steps to prepare for a data breach, which can reduce the risk of a breach occurring and minimize costs if one occurs.

On Friday, May 12, 2017, a damaging ransomware attack swept across more than one hundred countries and infected tens of thousands of computers. As is becoming all too common, the hackers transmitted the ransomware via a phishing e-mail, and then, once the user clicked the bait, the hackers used a method thought to have been developed by the National Security Agency, and locked businesses out of their systems. The ransomware impacted businesses both large and small, notably including sixteen of Great Britain’s hospitals (forcing them to turn patients away), FedEx, the Russian Interior Ministry and a large Spanish telecommunications company. While affected businesses must focus on damage control and clean-up in the wake of the attack, unaffected businesses should react and take steps to protect themselves before they are on the receiving end of the next cyber incident. Accordingly, here are five things that all businesses can do.