Connecticut’s new ‘Safe Haven’ law helps protect companies from potential data breaches
The state of Connecticut has passed a safe haven law for companies that put cybersecurity measures in place to prevent data and security breaches. This means that a business will not be held liable for punitive damages for cyber breaches, provided it is in compliance with an industry cybersecurity framework containing technical, physical, and administrative safeguards. A company could still be liable for actual damages. If your company is not compliant with the standards set by your industry, the team at It’s Just Results can help ensure you’re able to maximize protections under the Connecticut cybersecurity law.
Choose a cybersecurity framework for your business
The new law suggests that you choose one of the following six cybersecurity frameworks to secure your company:
(i) The National Institute of Standards and Technology's "Framework for Improving Critical Infrastructure Cybersecurity" (NIST CSF);
(ii) The National Institute of Standards and Technology's special publication 800-171;
(iii) The National Institute of Standards and Technology's special publications 800-53 and 800-53a;
(iv) The Federal Risk and Management Program's "FedRAMP Security Assessment Framework";
(v) The Center for Internet Security's "Center for Internet Security Critical Security Controls for Effective Cyber Defense" (CIS 18, V8); or
(vi) The International Organization for Standardization and the International Electrotechnical Commission "ISO/IEC 27000-series."
It’s Just Results can help you weigh the pros and cons of each of the six frameworks in the context of your company’s unique needs and circumstances.
It’s Just Results provides sample policies designed to be customized for your needs and to promote cyber safety in the workplace. As a package, the customized policies comprise your documentation on your cybersecurity decisions and practices at all levels. For an average worker, this might be guidance about how to handle suspicious emails, whether or not it is acceptable to plug personal cell phones into company computers, and appropriate use of work email addresses. On the technical level, this can include what technology to use to enhance your login security, how to monitor your data flow environment, and how to conduct periodic examinations of your technical environment with penetration testing. The recommended documentation includes policies and practices you can put in place to be proactive in avoiding threats from cybercriminals and those intended to be implemented in the event of a real or suspected breach.
Sometimes it doesn’t matter what measures you put into place on the technical side of your business. Threats can still find their way into your company. It’s Just Results helps provide your employees with compliance training that dives deep into gamification, phishing scams, and other methods that might be used to trick them into allowing a threat into the system. Our training will teach the importance of vigilance in avoiding such threats.
Many of the principles that apply to keeping your physical storefront or business safe also apply in a digital landscape. A large business that holds a significant amount of valuable stock on site might hire a security guard to monitor the premises at night. Vulnerability scans are no different. They are the security guard wandering the halls of your digital space to ensure that there aren’t areas that might be appealing to cybercriminals looking to attack at a weak spot. These scans are done both internally and externally, and they produce a report that identifies areas of risk as well as the steps needed to mitigate them.
It’s important that you’re able to respond to an incident quickly. The best way to do this is to keep an active audit log that sends notifications when there’s a potential threat. Frequent audits make it easier for you to stay ahead of breaches as they provide you with feedback on the current status of your network. An additional benefit of auditing your security system is that the findings report will make it simpler to identify inconsistencies that might have led to a breach.
Contact us to get started
Get your business up to speed with current security practices so you’re protected by the Connecticut cybersecurity law as soon as it goes into effect Friday, October 1, 2021. Get in touch with our team at It’s Just Results today, and we’ll help you put new cybersecurity policies and measures in place at your business to ensure that you’re fully compliant within your industry. Give us a call today at 703-570-4266 or send a message using our contact form. Someone from our team will reach out to you within 48 hours of receiving your message. We’re here to provide your business with cybersecurity and you with peace of mind.