SOUTH PORTLAND, Maine - The threat from cyber criminals is greater than many Maine businesses realize. But there are also resources available to help them learn more about protecting data.
That was the message today at a forum in South Portland hosted by independent U.S. Sen. Angus King, and the Maine State Chamber of Commerce.
Maine's two U.S. senators have both put their weight behind efforts in Congress to pass a comprehensive cyber-security bill - an issue whose importance is underlined, they say, by a number of recent data breaches, including one at at the federal government's Office of Personnel Management earlier this summer.
"This is a ubiquitous, constant threat to every company, large and small," said Sen. Angus King. King, who spoke to more than 100 guests at the offices of Texas Instruments in South Portland, said he hopes to vote on a measure this fall called The Cyber Information Sharing Act.
"In the meantime, though, there's a lot that can be done without waiting for Congress," he said, "without waiting for the government to pass particular pieces of legislation, and that's why we're here today."
"I think that cyber-security and overall IT security needs to be better defined within organizations and embedded within organizations' culture," said Mike Leking. Leking is with the DHS's Office of Cybersecurity and Communications, which he says has grown tenfold in size in recent years, but still needs more people.
Leking has spent the last four years traveling the New England region advising companies how to avoid getting hacked. While installing security software can be costly, he acknowledges - especially for small businesses - there are a lot measures companies can take for little or no cost.
"So, basic cyber-hygiene practices, basic best practices that are freely available, they're listed on our website," he said, "things like changing default passwords, awareness and training curriculums, a wealth of information that's all available."
"I think I got the picture as to what's going on to prevent cyber crime," says Kathie Leonard, chief executive of Auburn Manufacturing Inc., a producer and exporter of high-performance textiles based in central Maine.
"We're one of those small- to medium-sized businesses that was talked about today, and I can tell you that we're ignorant as far as what we should be doing about cyber-crime," Leonard says.
Leonard says she uses an outside consultant to deal with IT security issues, and had always thought she had a fairly reliable computer system. But now, she thinks more work needs to be done to protect the company's data.
"To date I don't think we've been hacked," Leonard says, "but on the other hand we've been the victim of hacking done to one of our customers. And in fact we lost an order because of it."
Leonard says her company was about to ship a container to South East Asia, but had to cancel the order because no payment had been received. It turns out, she says, that the customer had paid for the shipment - but had been duped into paying the wrong people: cyber-criminals posing online as Auburn Manufacturing.
Leonard says the hackers got the money and disappeared without a trace.