What You Need to Know About the New York State Cybersecurity Regulations - 23 NYCRR 500
Todd Smith, Director, Information Security Practice | June 19, 2017
On March 1, 2017, New York State released new regulations, titled Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500), for institutions regulated by the New York Department of Financial Services (DFS). The regulation states that any organization overseen by the NY DFS must establish internal policies and procedures that place a strong focus on protecting local businesses and individuals from cyberattacks.
These requirements state that all financial services, banks, and credit unions, as well as mortgage companies, insurance companies, and other entities, must establish a cybersecurity program by August 28, 2017. This includes any organization that holds any institution or branch in the state of New York.
Why This Regulation is Important
Financial institutions are a main target of cyber threats. Because of that, many financial institutions and consumers have seen significant financial losses at the hands of cybercriminals. The New York DFS designed the 23 NYCRR 500 regulation to focus on cybersecurity in the belief that giving company and consumer data heightened priority will prevent monetary loss.
All in all, this means that all financial firms headquartered or operating in New York need to either strengthen their current cybersecurity plan, or create an entire program from the ground up. If the outcome of this cybersecurity regulation is successful in New York, other states may release similar guidelines in the future.
High Level Cybersecurity Program Requirements
When reviewing or creating their cybersecurity program, financial institutions must ensure that they:
- Establish or Maintain a Cybersecurity Program
- Establish and Maintain Enterprise-wide Cybersecurity Policies
- Designate a Qualified Chief Information Security Officer (CISO)
- Perform Annual Penetration Testing and Bi-annual Vulnerability Assessments
- Train Employees on Modern-Day Cybersecurity Threats
- Perform Risk Assessments of All Third-Party Service Providers
- Maintain a Written Incident Response Plan
- Include Robust Incident Monitoring and Reporting Systems
- Submit Annual Certification of Compliance
When do these Regulations Take Effect?
An important date that is approaching quickly is August 28, 2017. This is the day that all covered entities, whether you’re based in New York, or have a branch in the state, must have a fully comprehensive cybersecurity policy in place. You must also appoint a Chief Information Security Officer, which can be an internal staff member or a Third-Party Vendor.
How to Get Started
Interphase Systems, Inc. has spent years working with organizations helping them evaluate, prepare, strengthen and execute their cybersecurity programs. Our experts know firsthand the complexities involved when successfully implementing these requirements into a current IT environment. Although this is no easy feat, it is not impossible. The question you may be asking is, “Where do I start?” when there are only months to put all of these provisions in place.
Get a baseline of where your IT security currently stands with a Cybersecurity Risk Assessment by Interphase. Through our independent and unbiased security experts, Interphase is able to provide a security gap analysis that shows you where your company is now, compares it to where it needs to be under the new regulations, and gives you a roadmap for getting there.
Over the next few weeks, we are going to dive deeper into the different provisions within this regulation to help you understand the importance of creating a cybersecurity program. Click here to sign up for notifications of upcoming blog posts, webinars, videos and more.
A Cybersecurity Risk Assessment is the first step towards getting compliant with 23 NYCRR 500. Call us at 610-276-5500 or complete this form to speak with one of our security experts and get your assessment scheduled today!