Cybersecurity professionals are under constant pressure to protect the organization’s IT systems from attacks and vulnerabilities. Top-level executives demand breach-free infrastructures, while the market emphasizes privacy and security. If that weren’t enough, states are now implementing tougher cybersecurity regulations that add to the pressure.
New York Cybersecurity Regulation
Greensfelder Hemker & Gale PC, a law firm based in St. Louis, MO, provides excellent analysis of “Cybersecurity Requirements For Financial Services Companies,” the new cybersecurity regulation in New York state, which took effect on March 1, 2017.
To mitigate the loss of sensitive electronic data, the New York State Department of Financial Services (DFS) set minimum regulatory information security standards.
All New York financial companies with more than 10 employees must abide by this new cybersecurity regulation by August 28th, 2017. Within this short deadline, companies are required to meet three detailed cybersecurity criteria:
- The organization must have a cybersecurity program
- This program must maintain specific cybersecurity policies pertaining to the periodic risk assessment
- The company must conduct a minimum of 2 vulnerability assessments per year
Similarly, recent regulation rulings in Colorado and Vermont also require financial firms to have annual cyber risk assessments and implement certain cybersecurity procedures.
To ensure the policies and programs are not overlooked, the regulation also requires these organizations to appoint a Chief Information Security Officer (CISO) to implement and manage the cybersecurity program.
What this Regulation Means
The state of New York, where so many key financial firms are headquartered, wants the financial firms doing business within the state to make information security more than a mere paper shuffle. Firms are required to not only hire cybersecurity teams, they must also perform risk assessments and then formulate strategies to address any vulnerabilities and protect sensitive client data.
While this may sound like common sense, many organizations have only paid lip service to cybersecurity up to this point, a policy that becomes more risky every day. The stakes are too high and the threats to security are too many to shrug off the responsibility of protecting one’s enterprise from a data breach.
To learn more about cybersecurity and how our product, EAGLE6, detects vulnerabilities before they expose your enterprise to risk, click here.