Hartford Business Journal

www.HartfordBusiness.com January 19, 2015 • Hartford Business Journal 9 Nominations close: February 10, 2015 Issue Date: April 6, 2015 Event Date: May 14, 2015 We are looking for eight REMARKABLE BUSINESS WOMEN in Greater Hartford! V I E W P A S T W I N N E R S A N D F I L L O U T N O M I N A T I O N F O R M O N L I N E A T WWW.hARTFORDbUSINESS.cOM AND cLIck ON "OUR EVENTS" Contact AMY ORSINI at 860-236-9998 x134 or email aorsini@HartfordBusiness.com with questions 2015 NOMINATIONS NOW OPEN This Spring, the Hartford Business Journal will recognize the achievements of 8 remarkable women who are making their mark in Greater Hartford. These women are senior-level executives, CEOs and/or entrepreneurs who have mastered their business. These women are remarkable, noteworthy women who are admired in the business community. The celebration will include a special issue and luncheon to honor the 8 Remarkable Women. Winners will be announced in a special issue of the Hartford Business Journal on April 6, 2015. Publishing This April In Print and Online as a Digital Edition! Presented by: Event Sponsors: Event Partners: In Print. Online. In Person. www.HartfordBusiness.com Delivering Business. take a moment to nominate a remarkable woman you know! experTs corner 2015 will be the year of the hack By: Greg Pellerin T his is the year of the sheep according to the Chinese calendar. The Chinese are known to be particularly superstitious, so I'm told, and they aren't necessarily looking forward to a prosperous new year. It's not that sheep are bad luck, but legend has it that only one out of 10 people born in the year of the sheep will find happi- ness in their life. Perhaps that gives many of us in the IT world a reason to look at the year ahead with an equally dour, if not downright fear- ful eye. If recent his- tory is any indication, 2015 may go down as the year of the hack. The devastating cyberattack on Sony Pictures Entertainment and the studio's initial decision to pull "The Inter- view" amid threats to moviegoers has taken on a life of its own with charges and countercharges being lodged by the company, the U.S. govern- ment, the hackers, and their North Korean spon- sors. We'll leave the argument over reactions and punishments to the pundits, but there is no doubt that the issue of cybersecurity is now front and center for companies of all sizes. The year 2014 left businesses like eBay, Target, and Home Depot reeling. Restaurant chains like P.F. Chang's and Domino's Pizza were targeted and were threatened to pay up, or else. A "state of the Internet" report by Akamai Technologies showed hacker attacks on websites in the third quarter of 2014 up by 400 percent over a year ago. Here's the bottom line: If your business or institution has a website or even an Internet connection, you're a potential target. "Computer networks were designed by human beings," says Duane Norton, director of technology for a national IT networking firm and a 15-year veteran of the cyber-wars. "If a person can build it, another person with a different agenda can usually figure out a way to infiltrate it. The key is to make it as dif- ficult and time consuming as possible, so the hacker moves on to a more vulnerable target." Norton and his colleague, director of tech- nical services Gerry Gosselin, recently put together a presentation entitled, "Cybersecu- rity: IT's Everyone's Business," and delivered it to a group of small and mid-sized business leaders concerned about the potential impact on their organizations. Not surprisingly, most were amazed that their companies, a bank, a college, even a small insurance agency, were shockingly at risk to a cyberattack. Norton and Gosselin say the direct costs of a security breach are far more than just identifying and plugging the leak. "Once you conduct your forensic analysis, you're just getting started," says Gosselin. "Identifying victims (both inside and outside the com- pany), legal fees, PR services, delivery of required disclosures, and the cost of provid- ing identity and credit protection are next. Add to all of that, the staff time devoted to handling the incident, lost business, lost cus- tomers, lost data and intellectual property, it'll be all you can muster to keep from losing your reputation too," he says. Data breaches occur when a hacker gains access to an inside resource. Once inside, they'll move laterally, looking for a password or security vulnerability that allows them to escalate their privileges and navigate any- where they want to go. Norton and Gosselin offer up the follow- ing tips for strengthening your cybersecurity efforts from a technical perspective. • Enforce a strong password policy, asking employees to change them every month. • Conduct regularly scheduled perimeter and network security audits by qualified outside firms (your internal IT staff is often "too close" to recognize vulnerabilities). • Install software patches as quickly as possible. • Centralize your anti-virus and anti-mal- ware programs. • Reassess your system monitoring and logging procedures. On the strategic side, bring IT into the busi- ness mainstream. Don't just tell your IT peo- ple what to do, allow them to be a part of busi- ness decisions with security a key concern. Tell them what you're protecting, and why. Make sure all employees understand that cybersecurity is everyone's business. You'd be surprised at the percentage of attacks that originate by someone simply leaving a cell phone or tablet in a taxi, having a list of passwords pinned to the wall of a cubicle, or forgetting their ID at a cybersecurity confer- ence (yes, Gerry and Duane found someone's security card on a chair at the end of their presentation!). Yes, 2015 is the year of the sheep, but don't be sheepish when it comes to IT security. n Greg Pellerin is a 15 year veteran of the tele- communications and IT industries and a co-founder of VertitechIT. Greg Pellerin ▶ ▶ if your business or institution has a website or even an internet connection, you're a potential target.

• Cover