HARTFORD, CT - Governor Dannel P. Malloy today announced the release of the Connecticut Cybersecurity Strategy – a document outlining seven key principles that can be applied to every person, organization, government agency, and business in Connecticut on strengthening efforts to protect the state’s cybersecurity defenses.
The strategy was produced through the Department of Administrative Services (DAS) by the state’s Chief Cybersecurity Risk Officer Arthur House and Chief Information Officer Mark Raymond at the request of Governor Malloy. The Governor created the position of Chief Cybersecurity Risk Officer last year and charged House with creating this strategy as his first priority.
“We receive daily reminders that we are living in a time of cyber insecurity, and we need to be proactive in this effort,” Governor Malloy said. “The federal government, our national intelligence, and homeland security officials are doing their part, but states have a vital role to play. Connecticut is leading the way in taking action that will allow us to be prepared for any contingency and safeguard our residents from cybersecurity threats to critical infrastructure. I am grateful to Arthur House, DAS Commissioner Melody Currey, and CIO Mark Raymond for their work in this effort, and also to those in government, business and education who helped them produce this important first step toward a safer Connecticut.”
To download the Connecticut Cybersecurity Strategy, visit www.ct.gov/ctcyberlibrary.
The seven principles discussed in the strategy – leadership, literacy, preparation, response, recovery, communication and verification – can be applied to every person, organization, government agency and business in Connecticut.
The strategy will next be followed by an action plan that will contain concrete steps to address the issues raised in the report. The Department of Emergency Services and Public Protection – through the Connecticut State Police, the Connecticut Intelligence Center, and the Division of Emergency Management and Homeland Security – will also have a significant role in the plan’s implementation.
“We have a plan, but we also have a lot of work to do,” Arthur House said. “Cybersecurity is a process, not an end state. We must continue to take threats seriously and defend the people of Connecticut. Having a strategy is an important step – allowing Connecticut to be organized in fending off attacks by powerful and skilled cyber criminals. Everyone should join in common effort to create a culture of cybersecurity awareness.”
Tips for Residents to Protect Against Cyber Attacks
As cyber-related attacks around the world continue to grow, officials from the State of Connecticut encourage all residents to learn about the risks and take steps to ensure their devices are secured.
Some of the action steps residents can take include:
Patch devices regularly: Make sure computers, mobile device apps, and anything else connected to the internet are running the most up-to-date software/firmware security patches.
Use updated antivirus software: Installing antivirus software on devices is simply not enough. Ensure that the software regularly scans the devices and receives periodic updates for ongoing protection.
Backup important data: Cyberattacks like ransomware may even infect up-to-date systems, so it is essential to back up data on a regular basis into a separate device (or to the cloud) to ensure continues access to critical data.
Stay alert and informed: The most common method for malware dissemination is through phishing, which involves criminals emailing people with the intent of tricking them to either open an infected attachment or click on a link to a malicious website. If a suspicious email is received, delete it. Visit reputable cybersecurity websites to remain current on trends and alerts.
Notify IT provider: If any abnormal computer behavior is noticed, if a device becomes infected with ransomware, or if an individual calls offering to provide unsolicited technical assistance, call a local law enforcement agency. Be sure to dial the non-emergency number for the local police department and provide them with as many details as possible regarding the incident.