On July 6, 2021, Connecticut Governor Ned Lamont signed into law “An Act Incentivizing The Adoption of Cybersecurity Standards For Business.” This new law in Connecticut, where I-M Technology, LLC is located, is designed to incentivize Connecticut businesses to adopt acceptable cybersecurity standards by barring state courts from penalizing businesses if they are hit by a cybersecurity breach if the business has adopted these standards. The law goes into effect on October 1, 2021.
The intent of the new law is to promote better cybersecurity practices and give leniency from state fines if a business meets Connecticut’s new standards, with the understanding that by meeting these new practices, a business has made good faith efforts to protect their clients’ information.
In June 2021, Connecticut also passed “An Act Concerning Data Privacy Breaches,” which updates what the state considers personal information as it pertains to information collected by a business and updates the timeframe a Connecticut resident must be notified of a breach to 60 days of the breach.
Both new Connecticut laws follow the coattails of President Biden’s Executive Order, “Executive Order on Improving the Nation’s Cybersecurity,” signed in May 2021. The EO covers a wide variety of actions but is mostly concerned with updating the technology and cybersecurity of federal systems, as well as removing barriers for sharing threat information between private managed IT service providers and the federal government. The EO also recognizes that it can’t impose standards upon the private sector but encourages private enterprises to follow the government’s lead with new standards.
You can see an easy-to-read fact sheet for the new EO here: https://www.whitehouse.gov/briefing-room/statements-releases/2021/05/12/fact-sheet-president-signs-executive-order-charting-new-course-to-improve-the-nations-cybersecurity-and-protect-federal-government-networks
What Do New Cybersecurity Standards Mean For Your Business?
It’s important to understand that neither these new laws in Connecticut, nor President Biden’s Executive Order, mandate updating your cybersecurity infrastructure. Currently, business owners in Connecticut do not have any legal obligation to increase IT security. But that doesn’t mean business owners shouldn’t strongly consider implementing better policies.
It’s clear that both the state and federal governments recognize the growing threat from malicious hackers and other cybercriminals. Connecticut, by offering legal relief to businesses that adopt specific standards, is obviously strongly encouraging its business community to take this threat seriously. Short of mandating legal compliance, this is as strong handed Connecticut can be to promote better cybersecurity.
Just because our local businesses are not legally compelled to better their cybersecurity does not mean they shouldn’t be taking every avenue to protect their business and their clients from the growing threat. The onus is now on business owners, managed IT providers and managed security service providers to better equip themselves.
Many business owners have maintained an apathy toward the rise in cybercrime. Many business owners continue to think they’re too small to be targeted. This is unequivocally untrue. If a criminal believes they can exploit shoddy security and make easy money, they will absolutely do so. Size does not matter.
It’s encouraging to see both state and federal governments take cybersecurity seriously, and the business community must follow suit. I-M Technology protects our clients with world class cybersecurity technology and policies.
Are you a business owner in Connecticut, Rhode Island or Massachusetts?
Click here to get a FREE cybersecurity and IT systems assessment from I-M Technology.
