New York’s Strict New Cyber Regulations: Just the Beginning
All eyes are on New York state as it institutes the nation’s first-of-its-kind cyber security oversight for regulated financial services companies. Known as 23 NYCRR Part 500, these new stipulations mean that any organization operating under license or other authorization of the New York banking law, insurance law or financial services law will need to meet new requirements when it comes to cyber security protocols. Even if you are not doing business in New York state, you should pay attention, because cyber security standards like these are the direction of the future.
The NY DFS regulations set strict standards which all organizations falling under their auspices must now meet. Within the bigger picture, this includes:
- Implementing a cyber security program protecting consumers’ personal information.
- Carrying out penetration testing and vulnerability assessments.
- Holding regular cyber security training for employees and personnel.
- Initiating a written cyber security policy approved by the organization’s board.
- Appointing a CISO responsible for data and system security.
- Reporting of all cyber security events to the DFS.
- Filing of reports on the state of cyber security of third-party providers (in effect Feb. 2020).
New York Gov. Andrew Cuomo said the regulations, which he labeled “strong, first-in-the-nation protections,” were meant to encourage organizations to keep pace with technological advances. “New York is the financial capital of the world,” Cuomo said, “and it is critical that we do everything in our power to protect consumers and our financial system from the ever increasing threat of cyber-attacks.”
The rules were enacted on March 1, 2017, but the first transition date was a few days ago, on August 28. There is much uncertainty among organizations regarding how certification will be assessed, and there are several transitional dates in between, but by March 1, 2019, organizations are expected to have met all standards.
The need for enforcement of minimal cyber security standards, especially when it comes to sensitive consumer and private data, has become harder to deny given the growing incidence of attacks on organizations handling private consumer data. Thus, it is little surprise that as these regulations are being enacted, other states are watching. Colorado is even taking action, with the state’s Division of Securities having developed cyber security regulations pertaining to broker-dealers, investment advisers and fund managers. It is expected that additional states will soon follow.
The Cynet 360 platform helps organizations meet standards like those instituted by New York and Colorado. A holistic solution ensuring total cyber security – Cynet 360 covers endpoints, networks, users and more, while also protecting against continually evolving threats like malware, ransomware and others. Additionally, Cynet 360 provides full enterprise visibility, which means that anomalous activity is rapidly identified and stopped.
The Cynet 360 platform empowers organizations – even as they navigate the uncharted waters of new regulations – by putting privacy and security controls squarely in their hands.