The New York Department of Financial Services (NYDFS) cybersecurity regulations (23 NYCRR 500) went into effect in March of 2017 however an important deadline is still looming. These new rules set some fairly rigorous and complex data security requirements for businesses that are licensed by the New York State DFS such as financial institutions, banks & insurance companies, agents and brokers operating in the state as well as non-resident licensed entities doing business in the state. Entities covered by these regulations must prove they are following them by filing a certification of compliance which is due by February 15, 2018. With these regulations being the first in the nation of their kind, many businesses are having difficulty understanding just exactly what they will need to be doing to be compliant.
Have you completed, or will you complete, a Penetration Test and Vulnerability Assessment by March 1, 2018?
Is all of your data non-public information encrypted including your workstations and servers?
Have you appointed a CISO?
Have you developed a Cybersecurity Policy and incident response plan based on a Risk Assessment performed by trained Cybersecurity personal?
Do you have Multi-Factor Authentication in place on all information systems?
Have you evaluated the security of your line of business applications?
Do you have an effective continuous monitoring solution in place that can on an ongoing basis detect changes or activities within information systems that may create or indicate the existence of cybersecurity vulnerabilities or malicious activity?
Are you conducting vulnerability assessments annually?
Are you conducting penetration testing bi-annually?
For more detailed information on 23 NYCRR 500 read our article Recent New York Cybersecurity Regulations: Do They Affect You?, which outlines the entities the regulations cover, the requirements those covered entities must adhere to, and a timeline for compliance.
Noncompliance, regardless of the reason, can be devastating for your business. NYDFS could suspend your ability to operate within the state. Don't become a casualty because of a misinterpretation or an uninformed IT department. Our team of experienced technology professionals is currently assisting covered entities by helping to ensure cybersecurity compliance with these trailblazing rules. From conducting detailed IT risk assessments to helping understand how to complete self-risk questionnaires, Delaney Computer Services provides the comprehensive Managed IT support that businesses and organizations in the Finance & Insurance industry need to have fully compliant IT environments. Find out more about our Managed Compliance Services