CT AG’s Office Provides Insight to Businesses Facing Security Threats
Cybersecurity was the topic of interest at the May 10th Chamber of Commerce of Eastern CT Business Breakfast at Mystic Marriott. The audience full of business professionals received tips on how to protect themselves against these threats, as well as where to go when you need a resource if a breech occurs.
While speaking about cybersecurity at a Business Breakfast Tuesday, Attorney General William Tong said he knows firsthand how easy it is to be fooled by online scammers. Tong admitted even he failed a phishing simulation drill at his state office.
He told the business owners gathered at the Chamber event that it would be smart to host drills to make sure their staff is trained so they don’t fall for phishing attempts, which can do great damage to their businesses.
It often feels like the bad actors perpetrating these cybercrimes are always one step ahead of the law. “We have to fight back and that’s what this presentation is all about,” Tong said at the breakfast and mini-expo, where event sponsors Triton Technologies and Bouvier Insurance were on hand displaying their offerings specific to cybersecurity.
Also speaking at the Chamber event was Michele Lucan, Deputy Associate Attorney General at the Connecticut Attorney General’s Office and Chief of its Privacy Section, who said company phishing training is important. If one’s employees fail the test, all is not lost, Lucan said. This is where follow-up training is key, Lucan added. Follow-up training can emphasize to the employees that they should not open suspicious emails again.
“One of the most important things you can do is run fire drills … so you are ready when it happens to you,” Lucan said.
Tong said that it’s not just businesses that are affected by online scammers. So are individuals, cities and towns, as well of the state of Connecticut.
“Cities and towns have tons of information,” Tong said, adding that this includes data about your car, home, where your children go to school, as well as payment information. “The state of Connecticut is targeted daily.”
What is important for businesses to realize, Tong said, is that they maintain coveted personal data about clients, which they have an obligation to safely protect from online scam artists. “All of you have an obligation to maintain it,”
He added that his office may have to take action against Connecticut businesses if they don’t adequately protect their client’s personal data. Though he did add that his office understands that for businesses, especially small ones, doing so is a process that is expensive and takes time. “We understand you aren’t as big as a Target or Home Depot,” Tong said.
If a small or large business does have a data breach, his office will be much more understanding if that business communicates the problem to the Attorney General’s Office, he said. Tong said that some businesses decide not to communicate breaches and that is a problem.
One tip Tong and Lucan suggested to those gathered is for businesses to refrain from collecting unneeded data from clients. While businesses do need to collect information and keep records on clients, Tong said that some businesses may be surprised at how much unnecessary client data they are keeping.
“Fix issues that you’re aware of and don’t bury your head in the sand,” Lucan said. “It can be scary for us to think about but there are things we can do to protect ourselves.”
Lucan emphasized that employee training is critical. Often, large data breaches occur when employees of a company click on links that don’t seem harmful. A data breach at Anthem in Connecticut occurred through an unsophisticated phishing attempt when holiday photos were emailed to employees, who clicked on the link and it led to one of the largest data breaches the AGs office has seen in Connecticut. “The key takeaway is employee training is critical,” Lucan said.
Learn more about how you can protect yourself and your business at portal.ct.gov/ag.