Cybersecurity
Information for Financial Service Providers
Data breaches and intrusion attempts have become commonplace. In recent years, some of the largest and most technologically advanced corporations have been vulnerable to these threats. Financial service providers in Connecticut are no exception. Having a robust cybersecurity plan in place is the foundation for safeguarding consumers’ personal information. When creating your plan, it may be useful to keep in mind the following:
- Always ensure you have updated antivirus and malware protection on every device used;
- Institute an employee training program on how to avoid cyber risks such as malware and viruses to minimize the risk of internal cybersecurity incidents;
- Ensure that you have adequate written supervisory procedures (which include data retention and data disposal policies);
- Check your cyber insurance coverage and review any limitations and exclusions (e.g. does your cyber insurance cover the breach or loss of encrypted and unencrypted data?);
- If your office environment includes any WiFi-enabled “smart” devices, confirm that they are maintained on a secure network separate from your client data;
- If you have an external IT professional, or third-party relationship, confirm that your written agreement includes a confidentiality and/or non-disclosure clause to protect your clients’ data;
- Understand the risks associated with third-party vendors. Selecting the right vendor requires you to understand how they secure their sensitive data, how they approach cybersecurity, the protocols and processes they have in place and what security functions they manage on site;
- Ensure that you have an “Incident Reporting Procedure” in place in case your business becomes the victim of a data breach. This procedure should include reporting the breach to the Attorney General’s office in accordance with CT state law;
- Utilize encryption on all data systems that contain confidential information.
As technology continues to evolve, it is important to be prepared and equipped to safeguard your clients’ data and to minimize their exposure. With proper safeguards in place, you can protect not only your client, but yourself as well.