What do the new NY cyber security regulations mean for you?
How good is your company’s cyber security? We at Small Business Intelligence have urged businesses to upgrade their data and cyber security systems to protect themselves and their customers, and have offered services to help them do so. Now, New York has passed regulations that require adequate standards. Those who provide services in any financial industry come under these new regulations, overseen by the NY Department of Financial Services. The bill is called 23 NYCRR 500, and it requires the information systems of every “covered entity,” such as insurance agencies, financial advisers, and banks, to meet certain minimum specifications. The following is a partial list of the new requirements:
- Generate an annual cyber security report
- Execute annual penetration testing
- Execute bi-annual risk assessments
- Implement an audit trail to track breaches
- Create and implement a 5-year data retention policy
- Evaluate custom applications yearly
- Implement two-factor authentication for all remote access
- Create policies based on new risks as they are discovered
- Train all employees quarterly about cyber security and emerging threats
- Encrypt all non-public data (not just sensitive data) on computers and during transit (email, file sharing, etc.)
- Notify the Superintendent of breaches within 72 hours
- Certify to the Superintendent annually that information systems meet the requirements
Can you do all this yourself? Probably not. Most likely, you need to hire an outside consulting firm to help meet the required standards.
Small Business Intelligence has worked diligently to understand every nuance of this new law and we are ready to provide our customers with a comprehensive plan to meet these requirements. Every service from software patching to employee training is included.
What does this mean if you are not part of the financial industry? Nothing yet, but will New York State stop there? It is likely that these regulations are also coming to other industries, such as law offices and accounting firms. Start now to secure your future.
Don’t risk your livelihood or your customers’ data! Let us help.
For a free analysis of your company’s cyber security, give us a call at (585)360-2572.