The New York Department of Financial Services (NYDFS) has proposed regulations that require all financial services businesses operating in New York to develop and maintain a comprehensive cybersecurity program. The regulations impose significant, yet minimum, cybersecurity requirements and mandate board of directors involvement and accountability.
The NYDFS proposed regulations apply to every business operating in New York that is required to have a “license, registration, charter, certificate, permit, accreditation or similar authorization” under New York’s banking, insurance or financial services law.
While this includes banks and insurers, it also includes related businesses. Brokers, including mortgage and insurance brokers, as well as bail bond agents, check cashers, non-profit credit counselors and budget planners, licensed lenders, premium finance agencies, and others, are potentially subject to the regulations. You can see the other NYDFS-supervised businesses discussed here.
The required cybersecurity program must serve six core functions:
identify internal and external cyber risks;
use defensive infrastructure;
detect cybersecurity events;
respond to and mitigate identified or detected cybersecurity events;
recover from cybersecurity events and restore normal operations; and
meet regulatory reporting obligations.
In addition, the cybersecurity programs must include regular employee training on cybersecurity, and contain controls sufficient to monitor user activity and detect unauthorized user access.
For several years, Digital4nx Group has been providing "ethical hacking" security assessments, which we define as a service where we attack your network and computer systems using real-world tools and techniques in order to find security weaknesses. Having an independent team of experts audit your security is a valuable tool that is guaranteed to uncover vulnerabilities and greatly increase your level of security.
For many organizations, and especially organizations regulated by DFS, Digital4nx Group will be providing a solution called Cyber Vigilance™. This annual service is a set of proactive services designed to simulate a real-world attack on your network, without the end goal of causing harm, in order to identify, prioritize and remediate information security issues and potential exposures that could create risk for the organization.
For more information, please give us a call or learn more about the program here, and return the attached questionnaire for a fixed-fee price.