
Are You Ready for the NYDFS Cybersecurity Regulations?

On February 16, 2017, Governor Andrew M. Cuomo announced that the first-in-the-nation cybersecurity regulation to protect New York’s financial services industry and consumers from the ever-growing threat of cyber-attacks would take effect on March 1, 2017.

The final regulation, 23 NYCRR Part 500, requires banks, insurance companies, and other financial services institutions regulated by the New York State Department of Financial Services (DFS) to establish and maintain a cybersecurity program designed to protect consumers’ private data and ensure the safety and soundness of New York’s financial services industry.

Do the new NYDFS regulations apply to my business?

If your business is a bank, trust company, budget planner, check casher, credit union, money transmitter, licensed lender, mortgage broker, or insurer operating under a license, registration, charter, or similar authorization granted under New York’s Banking Law, Insurance Law, or Financial Services Law, you most likely need to comply. The regulation attaches to the DFS authorization, not to an office: it applies even if you do business in New York without any physical presence there. A limited exemption (Section 500.19) exists for the smallest covered entities (fewer than 10 employees, under $5 million in gross annual revenue in each of the last three fiscal years, or under $10 million in year-end total assets), but an exempt entity still has to file a notice of exemption with DFS and remains subject to several sections of the regulation, including the risk assessment, third-party provider, and notification requirements.

When does my organization have to start complying?

The regulation took effect on March 1, 2017, and most of its core requirements came due after a 180-day transitional period that ended on August 28, 2017. The next deadline is February 15, 2018, when each covered entity must file its first annual certification of compliance with DFS, so the time to start preparation is now.

8 Critical Questions

1. Has our company performed a risk assessment to determine our cybersecurity risk and the gaps we need to close to reach compliance?
2. Do we have a well-documented cybersecurity program, based on that risk assessment, to protect the confidentiality, integrity, and availability of our information systems?
3. Does our organization have written information security policies? Do they address the fourteen areas mandated by the DFS regulation (Section 500.03)?
4. Have we designated a qualified chief information security officer, whether an employee or a third-party provider, to oversee the program and report to the board?
5. Do we have access control processes in place to ensure that access to data and systems is limited to those who need it, including multi-factor authentication for remote access to our internal networks?
6. Are our incident response and breach notification processes complete and up to date, including notice to the DFS superintendent within 72 hours of a qualifying cybersecurity event?
7. How does our information security program keep pace with new threats and risks?
8. Does our organization have an ongoing threat management and security awareness training program for employees?

Your policies must address the fourteen areas listed in Section 500.03:

Information security
Data governance and classification
Asset inventory and device management
Access controls and identity management
Business continuity and disaster recovery planning
Systems operations and availability concerns
Systems and network security
Systems and network monitoring
Systems and application development and quality assurance
Physical security and environmental controls
Customer data privacy
Vendor and third-party service provider management
Risk assessment
Incident response

Need More Information?

If you have any questions about this update or would like to further discuss your cybersecurity plan, please contact a member of Withum’s Cyber Secure Services Group.
