Connecticut government signed a bill that will protect businesses from punitive damages resulting from a breach of personal data if they have adopted and adhere to industry-standard cybersecurity measures. The new law requires businesses to secure individuals’ names, Social Security numbers, taxpayer ID numbers, driver’s license numbers or other government identifiers; financial account numbers and passwords; medical or health insurance information; biometric information; and names or email addresses that are used in combination with a password or security to access online accounts.
To be exempt from damages, an organisation must conform to the current version of any recognised security framework. Organisations already regulated by the state or federal government must keep their compliance with the Health Insurance Portability and Accountability Act, the Federal Information Security Modernisation Act and the Health Information Technology for Economic and Clinical Health Act to avoid paying punitive damages.
Businesses must also comply with the current version of the Payment Card Industry Data Security Standard. When any of the relied-upon cybersecurity standards are updated, businesses have six months to comply.
The legislation is the latest of Connecticut’s efforts to better secure its assets. Earlier this year, the government launched a year-long process of building a new information technology organisation within state government. The process to centralise the coordination of the state’s IT resources by the Department of Administrative Services will progress throughout the year and establish an organisation capable of delivering modern IT solutions to support state agencies and the public.
The process will bring best practices to all state agencies, provide flexibility in the cross-training of employees, and ensure there is a pool of specialised experts at the ready to serve state agencies, rather than requiring a dedicated, smaller group of IT staff to individual agencies. The optimisation is all a part of broader efforts to modernise state government to better serve the residents. To achieve their goal of providing services efficiently, the state needs to improve the way they use technology.
Across the globe, cybersecurity risks continue to rise. Connecticut is investing in cybersecurity and technology in new ways to protect residents and businesses. Connecticut is bringing its statewide information technology team together into one, collaborative organisation that will help identify and deter cybersecurity incidents faster, bring everyone onto streamlined platforms, and ultimately protect more private information.
As part of the ongoing response, agencies across the U.S. government announced new resources and initiatives to protect American businesses and communities from ransomware attacks. As reported by OpenGov Asia, the U.S. Department of Homeland Security (DHS) and the U.S. Department of Justice (DOJ), together with federal partners, has launched a new website to combat the threat of ransomware.
StopRansomware.gov establishes a one-stop hub for ransomware resources for individuals, businesses, and other organisations. The new website is a collaborative effort across the federal government and the first joint website created to help private and public organisations mitigate their ransomware risk.
The website is the first central hub consolidating ransomware resources from all federal government agencies. Previously, individuals and organisations had to visit a variety of websites to find guidance, latest alerts, updates, and resources, increasing the likelihood of missing important information.
The website reduces the fragmentation of resources, which is especially detrimental for those who have become victims of an attack. The website integrates federal ransomware resources into a single platform that includes clear guidance on how to report attacks, and the latest ransomware-related alerts and threats from all participating agencies.