As a part of CTC’s initiative to prepare Connecticut businesses for cyber threats, its members and affiliates met at Frontier Communications New Haven to discuss the Life Cycle of a Data Breach and state initiatives around security. This marks the second meeting of CTC’s Cybersecurity Seminar Series.
Members and friends of CTC arrived at Frontier Communications early June 3rd to enjoy a light breakfast and networking before the start of the program. Coffee, a variety of juices, bagels, muffins and danishes were served while the 70 attendees mingled with other concerned business owners and cybersecurity experts. Once seated in the conference hall, Attorney General George Jepsen kicked off the program with a keynote address on state’s cybersecurity initiatives.
“Upon my appointment I did not expect data protection to be so important,” said AG Jepsen. “Now we are receiving breach reports at a startling rate and it is something at the forefront of my mind.”
Five months after being appointed Attorney General, and coming to terms with the reality of data protection, Jepse started the Privacy Task Force – a group of attorneys charged with being proactive about cybersecurity. One such attorney appointed to the force is Michele Lucan, assistant attorney general. Lucan was in attendance as part of the expert cybersecurity panel and did her part to shed light on some of the specific tasks associated with the Privacy Task Force.
According to Lucan, there are a number of laws already in place to protect both individuals and businesses. From social security statues to HIPAA regulations, the state is doing its part to further educate its population on data protection. Lucan notes that one of the most important implications of data security is reporting a breach. There is a rotten stigma working against breached companies making them feel shamed to admit their data was compromised. The Privacy Task Force is putting emphasis on the fact that any business can be targeted regardless of preparation. Despite the media’s reaction the attorney general’s office treats all cases with encouragement and sensitivity.
“You are a victim until the investigation shows proof of negligence.”
Panel member Steven J. Bonafonte, attorney at Pullman & Comley, followed Michele Lucan with a presentation on the Life Cycle of a Data Breach. In this presentation Bonafonte highlighted some of the most important steps in detection and response. They are as follows:
After Bonafonte’s dissection of the data breach life cycle, Gary Cuozzo, owner at ISG Software Group LLC, was asked to highlight some of the biggest data breach mistakes companies make. This is what he said:
“One of the biggest mistakes I see is companies rushing to put their systems back online before due-diligence has been done. Don’t be too hasty, stay calm and don’t jump the gun. Wait to go back online until the issue has been resolved.”
Cuozzo also noted that having an appropriate backup is incredibly important and is something most business overlook.
“If you can retain your data by taking a snap shot around the time of breach detection, your investigation could be that much stronger. Information is crucial.”
When Cuozzo was asked what specific steps business should take in the event of a breach – here is what he said:
“First, take your system offline immediately. This can be challenging, and painful, but its logistically crucial. Second, treat your compromised system with complete distrust. If a hacker got in, and if you don’t make changes, they’ll infiltrate again. Tear it down and build fresh. Last, make sure you maintain the integrity of the breached data.”
At the close of the program attendees stuck around to continue the discussion with our cybersecurity experts. Many of the attendees were impressed by the content and level of adeptness and are looking forward to the third cybersecurity seminar in September.
“I found the recent CTC Cybersecurity event in New Haven timely and informative. With the recent Connecticut regulatory changes associated with cyber intrusion, the panel discussion on back-up retention, data encryption, vulnerability testing and recovery planning provided credence to our current cyber security strategy along with some valuable insights for next steps at our company.” – Sheldon Paul, CFO, Proton OnSite
Bruce Carlson, president and chief executive officer of the Connecticut…
Cybersecurity is one of our many focus areas. Read this…