27 Feb 2017
The Ripples Are Moving Across the Pond. Will You Be Ready for Regulations?
When you think of American money, what place comes to mind? A mattress stuffed full of dollar bills? Your local bank? Fort Knox? Of course not. When people think of American money, they think of New York City. From the billions of dollars held by banks like Goldman Sachs to all the money Americans all over the country have invested on Wall Street, New York City is the heart of America’s finances. And that makes it the heart of the world’s finances.
What happens in New York has repercussions throughout the rest of the world.
So the New York Department of Financial Services’ new cyber security regulations for 2017 will affect not only people in New York but the entire world. That means you need to know what the regulations require, why they’re there, and how financial institutions are preparing. After all, with all the money that flows through New York City, you can expect the same regulations to spread across the world.
The NYDFS’s cybersecurity regulations will go into effect on March 1st, and all financial institutions will have 180 days to get up to code or pay the price. Under the new regulations, financial institutions can no longer put cyber security on the back burner. All financial entities must have a cybersecurity program based on the potential threat of a breach. The cybersecurity program can be maintained by an affiliate, but all the information about the program must be accessible to NYDFS officials. The regulations also say that companies have an obligation to appoint a qualified cybersecurity executive to oversee the implementation of their programs, but that won’t be the end of that person’s job. They will also need to provide an annual written report to the NYDFS. But that’s just the tip of the iceberg. Covered entities will also have new rules for third-party service providers, multi-factor authentication, and audit trails, to name a few.
This isn’t the first time regulations like these have been put in place, and it certainly won’t be the last. Cybercrime is on the rise, and that means every industry will be facing some sort of cybersecurity requirements in the future. So how can you prepare for regulations like the NYDFS’?
The first step is to establish your organization’s cyber security program. That means identifying the specific cyber risks you face, how to prepare for them, and how to respond if there is a breach. For example, you can launch penetration tests that will show you where your security is lacking and where you need to invest your time and energy. If you run penetration tests, you may have to reach out to a third-party security provider. That’s another area that future regulations will target. The NYDFS’ regulations will also apply to any third-party service providers. You can get ahead by taking the time to evaluate all third-party providers your organization deals with and making sure they meet not only industry standards but your standards too. Your company may not be large enough to have the same security standards as a New York megabank, but with these simple steps, you can move closer to their cyber security standards.
The pebbles have hit the water. The ripples are moving across the pond. All the breaches and attacks of 2016 are causing companies and industries to demand that every company treat cybersecurity seriously. If your industry doesn’t already have cybersecurity regulations, make the transition easy and implement simple steps like third-party service agreements and penetration tests. You can do it now on your own schedule or do it on someone else’s later. The choice is yours. Stay tuned for more updates on how you can bring your cybersecurity up to code.