The Department of Homeland Security (“DHS”) released its cybersecurity strategy on May 15, 2018.  The 35-page document sets forth a plan for managing cybersecurity risks through public and private sector collaboration.  By 2023, DHS seeks to have “improved national cybersecurity risk management by increasing security and resilience across government networks and critical infrastructure; decreasing illicit

On May 3, 2018, Governor Malloy announced the release of the State of Connecticut’s Cybersecurity Action Plan, which builds on the State’s Cybersecurity Strategy launched in July 2017.  Developed by Connecticut’s Chief Cybersecurity Risk Officer Arthur House and Chief Information Officer Mark Raymond, the Action Plan applies the seven principles set forth in the Cybersecurity Strategy –  leadership, literacy, preparation, response, recovery, communication, and verification – to individuals, organizations, government agencies, and businesses.
Continue Reading Connecticut’s New Cybersecurity Action Plan

In August, the United States Court of Appeals for the DC Circuit revived a class action lawsuit, holding that the threat of harm from a data breach is enough to satisfy the “injury in fact” standing requirement. Attias v. Carefirst, Inc., 865 F.3d 620 (DC Cir. 2017). The defendant, a group of health care insurers, filed a Petition for Writ of Certiorari to the United States Supreme Court on October 30 of last year. While the Supreme Court is deciding whether to grant the pending Petition, it is worthwhile to briefly review the standing question in the context of protecting your business from liability.
Continue Reading Can’t This Just Be Over? Standing In Cybersecurity Claims

Monitor all of your accounts for any suspicious activity on a regular basis. If you see something unfamiliar, it could be a sign that you’ve been compromised. Keeping receipts and tracking your account activity will help you to see a charge that is out of the ordinary, and will help you assist the company in

According to Reuters, late on Friday, the Department of Homeland Security (“DHS”) and the FBI issued a warning in a report, sent to firms at risk of an attack, that critical infrastructure industries may have been targeted in cyber-attacks as far back as May. The identified industries include nuclear, energy, aviation, water, critical manufacturing industries and government entities. The report indicates that hackers successfully compromised data at some of these targets. Further, the government believes that the attacks are ongoing.
Continue Reading Feds Warn of Critical Infrastructure Attacks as CT Releases Report on Utility Company Cyber-Readiness

Be sure to back up your data regularly, and make sure your anti-virus software is always up-to-date. Cloud technology has made it very easy to set an automatic backup for your system, so check with your carrier and/or company to make sure that your information is backed up on a regular basis. For those that

Limit use of free public WiFi. Sensitive browsing, such as banking or shopping, should only be done on a device that belongs to you, on a network that you trust, and one that has security features.  Avoid logging in on your email and social media on unsecured networks as those passwords can be accessed easily

Take caution when clicking on attachments or links in every email. Phishing scams are a regular occurrence and can be crippling to businesses as well as individuals. If an email is unexpected or suspicious for any reason, do not click the link or open the attachment. Double check the URL of the website link; hackers

Practicing good password management can help secure your information. Password requirements have evolved over time with routine password changes and increasingly complicated rules to achieve “strong password” status. In June 2017, National Institute of Standards and Technology (NIST) released new guidelines signaling a deviation in the approach to password management. Digital Identity Guidelines, Special Publication