New Cybersecurity Requirements for the Financial Service Industry

The New York Department of Financial Services (NYDFS) issued a binding term sheet mandating a minimum cyber security standard for financial organizations. The aptly titled “Cybersecurity Requirements For Financial Services Companies” took effect on March 1, 2017.

With only six months to meet compliance standards, many mid-tier and boutique businesses have been left scrambling for the right company to help them do so. With such valuable data needing to be secured, it’s important to work with a company that you can trust.

Despite lax regulation in the past, Gotham Security has always exceeded compliance standards. The new NYDFS regulations are introducing stricter enforcement of new policies, yet our clients are breathing easy knowing their data is already secure. Under Title 23 of the Official Compilation of Codes, Rules and Regulations of the State of New York, companies must adopt the following procedures:

  1. Companies must assess their specific risk profile and design a program that addresses risks in “robust” fashion.
  1. Senior management will be responsible for their cybersecurity programs.
  1. Annual certification confirming regulatory compliance.

Firms must also be compliant with the following:

  1. Encrypt sensitive data and appoint a CISO (Chief Information Security Officer: virtual, remote, third-party or in-house).
  1. Protect electronic information, both public and nonpublic.
  1. Annual penetration testing.
  1. Bi-annual vulnerability assessments.
  1. Written incident response plans, data access limitation controls and employee training programs.

Recent events, such as the $81 million theft from the Central Bank of Bangladesh, have driven New York lawmakers to raise cyber security standards, and other states are expected to follow suit. A security breach can cost a firm millions in lost clients, stolen data, lawsuits, and insurmountable damage to that firm’s reputation, so it is important to invest in the right firm to address your business’s needs.

Mere compliance does not guarantee security; it is important to work with an experienced cyber security team to ensure your business and its data are safe. With a spotless track record, Gotham Security’s team is committed to keeping your company’s data secure. Is your company’s cyber security compliant with the new regulations?
