FOX61, NBC Connecticut Interview Kelser about Cybersecurity Awareness Month
Cybersecurity awareness month has come to a close and all throughout October, Kelser was helping to bring attention to this issue. Our cybersecurity tips of the day on Facebook, Twitter, and LinkedIn helped attract the attention of NBC Connecticut and FOX 61.
Making sure our clients are aware of cybersecurity threats, and protected from them, is one of the main focuses of my role as manager of information security and compliance. But this information is also extremely worthwhile to the general public.
I was interviewed by anchor Dan Corcoran on NBC CT. His first question was about how hackers are becoming more sophisticated, which of course leads to cyber attacks becoming more inconspicuous and tougher to identify.
When I spoke with Angelo Bavaro of FOX61, he asked me about the new Connecticut law that provides protections from lawsuits for businesses that follow cybersecurity frameworks.
Here are transcripts from both interviews. And don't forget, just because October is over doesn't mean we stop thinking about cybersecurity for the next 11 months. Stay vigilant!
Dan Corcoran: We hear about scams or attempted scams all the time; someone's sending you an email from a strange account. By now, most of us know not to click on that, but scammers also know we won't click on it. So how are their tactics becoming more sophisticated?
Dave Bykowski: It's been really interesting to see how professional scammers, really criminal outlets and enterprises, are working to improve their English.
What's been known for a long time is that you could look, oftentimes, for broken English in emails and automatically suspect that it was some sort of scam or phishing attempt, as the term is.
And now those enterprises are actually investing in English, in terms of proofreading and content revision, to deliver better-crafted emails to have a better chance of tricking people into looking at them and following the instructions in them.
Dan: So they're getting better at English. Wow. So who is most at risk of falling for a cyber scam?
Dave: Really, it could be just about anybody. The more attention that you pay to detail, the better off that you're going to be in terms of protecting yourself, your personal information, your family's information or company information.
It's really more about just staying vigilant and watching to make sure that the emails you're getting are really the things that you would expect to be receiving.
And if something doesn't look right, go ahead and reach out to the person you think it came from and ask them, in a trusted manner, whether that's in person or a phone call to their phone number that you know is good, and say, “Hey, did you really send this to me? I just wanted to make sure.”
Dan: And give us a couple other easy actions that we could take today to make sure we are staying safe online.
Dave: One of the best things is to stick with trusted websites that you know. And anytime you're putting out any of your credit card information, personal information, you should see, depending on which browser you're using, either a lock or key or some sort of symbol that indicates that there's an encrypted connection being used.
That's really important because you want to make sure that other people can't get your information without even accessing your computer itself, just the traffic that you're sending and getting, information like a social security number, a credit card number, anything like that.
Also be very careful when using public Wi-Fi. If you need to use it, try not to use it for anything where you'd have really personal sensitive information.
Angelo Bavaro: October is Cybersecurity Awareness Month, and a new cybersecurity law in Connecticut is providing protections from lawsuits for businesses that step up their security.
So just to get things started here, can you give us more background on this law, where it came from and what exactly does this cover here?
Dave: Well, at a federal level, there have been more and more efforts to improve cybersecurity across the country. It's obviously a threat to our nation.
Connecticut has provided incentives to companies where if they follow certain prescribed or approved frameworks — such as NIST cybersecurity framework, PCI DSS for companies that process credit cards, HITRUST for healthcare firms or a number of other frameworks that are out there — this provides protections for those companies, in the event of a breach, against punitive damages.
And as we know, punitive damages can really crush a company in court.
Angelo: And we talk about this framework that these companies have to follow, what does that look like now under this new law, what did it look like before, what does this mean to you and me as the average consumer of products and stuff like that? How does this protect us?
Dave: Well, for us, it provides incentives for companies to really step up their game and put in increased protective measures, be able to put better defenses around protecting company information, and since so many companies will handle personal identifiable information, or PII, that's really going to help protect our identities as well.
So companies really have incentive to spend the extra money that it takes to reduce their risk in the event that something happens, and to help improve protections for the average consumer.
Angelo: And on the other side of this, what happens if a company does not have the right cybersecurity measures in place, this framework in place?
Dave: Well, we've heard all sorts of breaches in the news. And we can expect that those sorts of things are going to continue. Unfortunately, cybercriminals, they aren't going anywhere, they aren't going away, they're probably just only going to step up their game.
And what that means is for companies that choose not to follow that, they run the risk of having a breach, impacting their business, and should an investigation demonstrate willful or wanton negligence, they could be subject to hefty compensatory and punitive damages.
Angelo: And this law is definitely a big step here in Connecticut. Does this follow the federal government's lead or other states’ lead? Where do we stand in terms of other states that have implemented something like this?
Dave: Most other states haven't really implemented it. I think the first one I'm familiar with was Ohio back in 2018. I think it's inspired by moves at the federal level, where President Biden has issued an executive order for ramping up cybersecurity measures across the country.
But Connecticut’s definitely a leader when it comes to state by state in this area.
Angelo: Yeah, that's awesome to hear. And just to wrap things up here, you mentioned it before, but it seems like every day we're reporting on these stories — hacks, phone companies, other companies as well.
What can the average person, you or me, do to kind of increase our own cybersecurity at home and make sure we're protected?
Dave: Yeah, that's really good to think about there. And we have a number of tips that we put out throughout the month on social media. You can find Kelser on Twitter or on LinkedIn. We've had a cybersecurity tip of the day.
A few of them in particular that I like are, No. 1, to be particularly careful when using public Wi-Fi. It isn't necessarily unsafe, but you are running a little bit more of a risk. Maybe it would be a good idea to be a little more careful as far as what kind of transactions you do there.
Maybe secured financial transactions run a little higher risk of possibly being a little bit less secure and an attacker getting some of your information.
Also, make sure you tighten up your own personal Wi-Fi network, especially for all of us who are working at home. Make sure you have a password, and a really good password, and good encryption on your wireless router, and all of the things for you to go and work from home.
Because you don't want to put company information at risk while working during these times. Additionally, just protect your information, watch your email and, when looking at emails, if something just doesn't look right or seem right, don't click that link. Don't follow.
Make sure to go and reach out to the person who sent you the email and say, “Hey, did you really send this?” Because, unfortunately, cybercriminals are getting smarter and smarter.
They're getting better control of English language and what we were used to seeing as obvious phishing emails now really are a lot harder to spot. So just take that extra moment and always be vigilant.