New York State Department of Financial Services gets tough on cyber security and issues new regulation

The New York State Department of Financial Services (DFS) is about to put in place a regulation that very clearly states what financial institutions are expected to do when it comes to cyber security and non-public information.

The regulations apply to roughly 4,000 banks, insurance companies and other financial services institutions regulated by DFS. They take effect on 1 January 2017, and institutions have 180 days from that effective date to comply.

Amongst the usual regulatory requirements when it comes to cyber (policies, risk management, third parties etc.), the DFS has taken a hard line on authentication. You are required to have multifactor authentication in the following circumstances:

  • accessing internal systems from an external network e.g. working from home or a third party support company;
  • using privileged database access.

These are non-negotiable, so if you haven't got multifactor authentication in place, you might want to think about implementing it as the regulation becomes effective in 2017.

Finally, if you do have a 'cyber security event', as the DFS call it, and your non-public information becomes public, you have up to 72 hours to report the incident. 

Further information about the proposed legislation can be found here.

If you would like to discuss anything about the DFS regulations or multifactor authentication please contact us. Our cyber security experts can help you better understand this new regulation and address any concerns in an efficient and cost-effective manner.
