NYDFS Cybersecurity Compliance Services
Cybersecurity compliance is something that many companies can understandably find daunting. There are so many different regulations and guidelines to keep track of. There are risk assessments, incident response plans, data governance and security, disaster recovery planning, and more to keep track of. But in today’s digital landscape, where many businesses have valuable information stored in ways that are susceptible to cyberattacks, cybersecurity is more important than ever before. One of the first steps to meeting cybersecurity compliance is understanding which regulations apply to your business.
In this article, we go over what you need to know about the NYDFS (New York State Department of Financial Services) Cybersecurity Regulation. Even if your business is not located in New York, this regulation may still apply to you. Broadly, the NYDFS Cybersecurity Regulation applies to any institution that requires a license from the NYDFS. If you handle financial data pertaining to New York Residents, even if you are not located in New York, the regulation still may apply to you. For example, if your business is located in Virginia but handles the financial information of New York residents, the NYDFS regulation would likely apply to you.
If you are unsure if the NYDFS Cybersecurity Regulation applies to your business, we highly recommend that you consult with a qualified attorney to assess your needs. You can also contact us today for a free preliminary assessment of your security needs.
The Basics of Meeting Cybersecurity Compliance Under NYDFS
The NYDFS Cybersecurity Regulation was implemented in 2017 to cover cybersecurity in New York’s large financial sector. This regulation may sound complex, but it really just serves to enforce common-sense security practices. Many financial companies covered by the NYDFS Regulation shouldn’t have much difficulty meeting the compliance requirements if they already meet compliance for other cybersecurity regulations (such as the PCI DSS, a broad regulation that applies to any businesses who handle cardholder information).
The NYDFS Cybersecurity Regulation stipulates that companies implement a robust cybersecurity program. According to the regulation, your cybersecurity program should be aligned with the following five core functions outlined by the NIST Cybersecurity Framework:
- Identify – identify the organizational understanding of cyber risk
- Protect – the use of defensive infrastructure to protect from cyber threats
- Detect – implementation of ways to identify cyber threats
- Respond – the course of action that will be taken to deal with detected threats
- Recover – the plan to restore functions if they are damaged by cyber threats
Touchstone Security’s Approach to NYDFS Cybersecurity Compliance
Phase 1: Gap Assessment
We begin every job with a complete assessment of your current IT infrastructure, compliance requirements, and current safeguards in place. We compare these findings against cybersecurity best practices, and requirements under the NYDFS cybersecurity regulation in order to create a gap assessment. This assessment provides us a roadmap for moving forward and helping to ensure that you have met applicable NYDFS Cybersecurity controls.
Phase 2: NYDFS Security Control Implementation
Once the initial phase is complete, we will work with you to implement security controls and procedures to meet requirements that apply to your organization. Throughout this portion of the process, we provide extensive documentation that will enable you to easily provide auditors evidence of your controls.
Phase 3: Review and Continuous Support
At the end of our implementation period, we will provide your key stakeholders with a review of changes made to your security program, as well as documentation explaining how each control under the NYDFS Cybersecurity regulation has been met. Touchstone Security will also provide ongoing compliance or audit support at an hourly rate at the request of the client.
Touchstone Can Help With Your NYDFS Cybersecurity Compliance
If you are unsure whether you meet current cybersecurity standards under NYDFS, Touchstone Security can help. Our experts in cybersecurity have many years of experience assisting government agencies, Fortune 500 companies, and businesses of all sizes to understand and meet their cybersecurity needs. We will assess your individual cybersecurity needs, come up with a roadmap to fill your needs, and assist you in executing your cybersecurity program every step of the way.