NYDFS Cybersecurity Compliance Services
Cybersecurity compliance is something that many companies can understandably find daunting. There are many different regulations and guidelines to keep track of, along with risk assessments, incident response plans, data governance and security, disaster recovery planning, and more. But in today’s digital landscape, where many businesses store valuable information in ways that are susceptible to cyberattacks, cybersecurity is more important than ever before. One of the first steps to meeting cybersecurity compliance is understanding which regulations apply to your business.
In this article, we go over what you need to know about the NYDFS (New York State Department of Financial Services) Cybersecurity Regulation. Even if your business is not located in New York, this regulation may still apply to you. Broadly, the NYDFS Cybersecurity Regulation applies to any institution that requires a license from the NYDFS. If you handle financial data pertaining to New York residents, even if you are not located in New York, the regulation may still apply to you. For example, if your business is located in Virginia but handles the financial information of New York residents, the NYDFS regulation would likely apply to you.
If you are unsure if the NYDFS Cybersecurity Regulation applies to your business, we highly recommend that you consult with a qualified attorney to assess your needs. You can also contact us today for a free preliminary assessment of your security needs.
The Basics of Meeting Cybersecurity Compliance Under NYDFS
The NYDFS Cybersecurity Regulation was implemented in 2017 to cover cybersecurity in New York’s large financial sector. This regulation may sound complex, but it really just serves to enforce common-sense security practices. Many financial companies covered by the NYDFS Regulation shouldn’t have much difficulty meeting its compliance requirements if they already comply with other cybersecurity regulations (such as the PCI DSS, a broad regulation that applies to any business that handles cardholder information).
The NYDFS Cybersecurity Regulation stipulates that companies implement a robust cybersecurity program. According to the regulation, your cybersecurity program should be aligned with the following five core functions outlined by the NIST Cybersecurity Framework:
- Identify – develop an organizational understanding of cyber risk
- Protect – deploy defensive infrastructure to protect against cyber threats
- Detect – implement ways to identify cyber threats when they occur
- Respond – define the course of action that will be taken to deal with detected threats
- Recover – plan how to restore functions if they are damaged by cyber threats