What You Need to Know About the New York State Cybersecurity Regulations - 23 NYCRR 500
Todd Smith, Director, Information Security Practice | June 19, 2017
On March 1, 2017, New York State released new regulations, titled Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500), for institutions regulated by the New York Department of Financial Services (DFS). The regulation states that any organization overseen by the NY DFS must establish internal policies and procedures that place a strong focus on protecting local businesses and individuals from cyberattacks.
These requirements state that all financial services, banks, and credit unions, as well as mortgage companies, insurance companies, and other entities, must establish a cybersecurity program by August 28, 2017. This includes any organization that has an institution or branch in the state of New York.
Why This Regulation is Important
Financial institutions are a main target of cyber threats. Because of that, many financial institutions and consumers have seen significant financial losses at the hands of cybercriminals. The New York DFS designed the 23 NYCRR 500 regulation to focus on cybersecurity in the belief that giving higher priority to company and consumer data will prevent monetary loss.
All in all, this means that all financial firms headquartered or operating in New York need to either strengthen their current cybersecurity plan or create an entire program from the ground up. If this cybersecurity regulation is successful in New York, other states may release similar guidelines in the future.
High Level Cybersecurity Program Requirements
When reviewing or creating their cybersecurity program, financial institutions must ensure that they:
- Establish or Maintain a Cybersecurity Program
- Establish and Maintain Enterprise-wide Cybersecurity Policies
- Designate a Qualified Chief Information Security Officer (CISO)
- Perform Annual Penetration Testing and Bi-annual Vulnerability Assessments
- Train Employees on Modern-Day Cybersecurity Threats
- Perform Risk Assessments of All Third-Party Service Providers
- Maintain a Written Incident Response Plan
- Include Robust Incident Monitoring and Reporting Systems
- Submit Annual Certification of Compliance
When Do These Regulations Take Effect?
An important date that is approaching quickly is August 28, 2017. This is the day that all covered entities, whether based in New York or operating a branch in the state, must have a fully comprehensive cybersecurity policy in place. Covered entities must also appoint a Chief Information Security Officer, who can be an internal staff member or a Third-Party Vendor.
How to Get Started
Interphase Systems, Inc. has spent years working with organizations helping them evaluate, prepare, strengthen and execute their cybersecurity programs. Our experts know firsthand the complexities involved when successfully implementing these requirements into a current IT environment. Although this is no easy feat, it is not impossible. The question you may be asking is, “Where do I start?” when there are only months to put all of these provisions in place.
Get a baseline of where your IT security currently stands with a Cybersecurity Risk Assessment by Interphase. Through our independent and unbiased security experts, Interphase is able to provide a security gap analysis that shows you where your company stands now, compares it to where it needs to be under the new regulations, and gives you a roadmap for getting there.
Over the next few weeks, we are going to dive deeper into the different provisions within this regulation to help you understand the importance of creating a cybersecurity program. Click here to sign up for notifications of upcoming blog posts, webinars, videos and more.
A Cybersecurity Risk Assessment is the first step towards getting compliant with 23 NYCRR 500. Call us at 610-276-5500 or complete this form to speak with one of our security experts and get your assessment scheduled today!