The New York Department of Financial Services (NYDFS) has proposed regulations that require all financial services businesses operating in New York to develop and maintain a comprehensive Cyber Security program. The regulations impose significant, yet minimum Cyber Security requirements, and mandate board of director involvement and accountability.
The NYDFS proposed regulations apply to every business operating in New York that is required to have a “license, registration, charter, certificate, permit, accreditation or similar authorization” under New York’s banking, insurance or financial services law.
While this includes banks and insurers, it also includes related businesses. Brokers, including mortgage and insurance brokers, as well as bail bond agents, check cashers, non-profit credit counselors and budget planners, licensed lenders, premium finance agencies, and others, are potentially subject to the regulations. You can see the other NYDFS supervised businesses discussed here.
The required Cyber Security program must serve six core functions:
- IDENTIFY INTERNAL AND EXTERNAL CYBER RISKS;
- USE DEFENSIVE INFRASTRUCTURE;
- DETECT CYBER SECURITY EVENTS;
- RESPOND TO AND MITIGATE IDENTIFIED OR DETECTED CYBER SECURITY EVENTS;
- RECOVER FROM CYBER SECURITY EVENTS AND RESTORE NORMAL OPERATIONS; AND,
- MEET REGULATORY REPORTING OBLIGATIONS.
In addition, the Cyber Security program must include regular employee training on Cyber Security and contain controls sufficient to monitor user activity and detect unauthorized user access.
For several years, Digital4nx Group has been providing “Ethical hacking” security assessments, which we define as a service in which we attack your network and computer systems using real-world tools and techniques in order to find security weaknesses. Having an independent team of experts audit your security is a valuable tool that is guaranteed to uncover vulnerabilities and greatly increase your level of security.
For many organizations, and especially organizations regulated by DFS, Digital4nx Group provides an annual service consisting of a set of proactive services designed to simulate a real-world attack on your network, without the end goal of causing harm, in order to identify, prioritize and remediate information security issues and potential exposures that could create various risks for the organization.
For more information, please give us a call or learn more about the program here, and return the attached questionnaire for a fixed-fee price.