New York State’s DFS 23 NYCRR Part 500 mandates cybersecurity requirements for financial-services companies, including banks, insurance companies, and many other businesses in the financial industry. The regulation provides an outline of what you are required to do to protect your customers’ data. There are quite a few requirements, and unfortunately, not being aware of them is not a defense. Follow the steps below to protect your business.
1) Find Out If Your Company is a Covered Entity
Search here to see if your company is supervised by the New York State Department of Financial Services.
2) If You Are a Covered Entity, Familiarize Yourself with the Regulations
- New York State Department of Financial Services 23 NYCRR 500
- New York State Department of Financial Services Cybersecurity Filings
- 23 NYCRR 500 Frequently Asked Questions
3) Get a Cybersecurity Assessment
A cybersecurity assessment will:
- Identify gaps that may exist in your cybersecurity
- Identify where you are out of compliance with the regulation
- Identify solutions & processes that will help you become compliant
- Provide you with a security roadmap for your business
4) Implement the Necessary Solutions & Procedures
It’s important that you make an effort to comply with the regulations. The state understands it’s a big undertaking and they’re looking for you to make progress toward being completely compliant. Start closing the gaps by implementing as many solutions as possible.
5) Perform an Annual Assessment or Security Audit
Compliance is not a one-and-done endeavor. To stay compliant, you must make sure the things you committed to doing are still being done.