The State of New York will be implementing new regulations that require banks, financial services companies to have cyber security programs and also maintain them to specific standards.
“As our global financial network becomes even more interconnected and entities around the world increasingly suffer information breaches, New York is leading the charge to combat the ever-increasing risk of cyber attacks,” Maria T. Vullo, superintendent of the New York State Department of Financial Services, said in a statement.
Financial companies now need to check security at third party vendors. Also, they need to maintain adequately funded and staffed cyber security program. It should be monitored by qualified management. The team should report to organisation’s senior body.
Standards are also set for access controls, encryption and penetration testings. Breaches should have response plan. Preservation of data comes under this new rule. And notification to the Department of Financial Services should be sent.
Prevalent director of product management Jeff Hill told “The economic wake of a substantial data breach can stretch for years, impacting not only tangible bottom line results, but also inflicting reputational damage that can linger indefinitely.”
“New York State’s new rules are particularly forward-looking in that they emphasize the importance of understanding and managing third party risk, the source of more than half of all breaches according to a number of studies,” Hill added. “Addressing what is often the soft underbelly of many enterprises’ cyber security defenses — third parties/vendors — the State of New York is forcing a critical element of its economic infrastructure to cover all its bases.”
“In recent times, the regulatory pendulum has begun to swing in favor of a ‘lighter’ approach for banks, financial services and for other industries too, for that matter,” VASCO Data Security head of global marketing David Vergara said by email. “It’s good to see, however, that good sense regulations like this one have survived to offer additional consumer protection via thorough evaluations of third party vendors, comprehensive risk assessments and advocacy for stronger multi-factor authentication.”
Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.