Failure to comply with these laws and regulations could result in fines in excess of $250,000

The New York Department of Financial Services (NYDFS) Cybersecurity Regulation, also known as 23 NYCRR 500, is “designed to promote the protection of customer information as well as the information technology systems of regulated entities.” Like GDPR, its goal is to protect sensitive nonpublic information. The regulation consists of rigorous cybersecurity rules for covered financial institutions such as credit unions, banks, insurance firms and mortgage companies. It applies to all entities regulated by DFS, and it reaches their unregulated third-party service providers as well: a covered entity must have a written third-party service provider policy, so any outside provider that accesses its systems or its nonpublic information will be held to the regulation's requirements through its contract.

Can You Pass a DFS Cybersecurity Audit?

In 2019, at least 43 states and Puerto Rico introduced or considered close to 300 bills or resolutions dealing significantly with cybersecurity, and thirty-one states enacted cybersecurity-related legislation that year.

These laws do not stop at state lines. You may run a financial advisory business in New Jersey but have clients in New York; because those clients are located in New York, you can be subject to New York's laws.

Are you sure you can pass a Cyber Audit from:

  • The State of New York

  • The State of California

  • The State of Colorado

  • The State of Massachusetts

  • The Securities and Exchange Commission

  • The American Bar Association

  • The European Union (GDPR)

  • And many others

What is Required
All these laws and regulations have many things in common:
  • Establish a cybersecurity program, informed by periodic internal and external risk assessments, that addresses the risks that may threaten the security or integrity of Nonpublic Information on your Information Systems.

  • Create and maintain written policies and procedures to protect Nonpublic Information on your Information Systems.

  • Document and limit User Access privileges to Nonpublic Information (least privilege), and review those privileges periodically.

  • Conduct periodic risk assessments that address changes to Information Systems, Nonpublic Information or business operations, and use their results to inform the design of, and changes to, the cybersecurity program.

  • Securely dispose, on a periodic basis, of any Nonpublic Information that is no longer necessary for legitimate business operations, unless it must be retained by law or regulation.

  • Designate a qualified Chief Information Security Officer (CISO). The CISO may be an internal employee or may be provided by a Third-Party Service Provider.

  • Implement controls, including encryption, to protect Nonpublic Information both in transit over external networks and at rest. Where encryption is infeasible, effective compensating controls may be used instead, and the CISO must review and approve those controls at least annually.

  • Maintain a written incident response plan designed to promptly respond to, and recover from, any Cybersecurity Event materially affecting the confidentiality, integrity or availability of Information Systems.

  • Regularly train all personnel in cybersecurity risks and hygiene.

Various States and Entities have additional requirements depending upon the size of your company, and failure to comply with these laws and regulations can result in fines in excess of $250,000.

We provide a complete program to ensure compliance, including:
  • A Risk Assessment of your IT Environment.

  • A search of the Dark Web using your email addresses for any indications of exposure and other risks.

  • A detailed analysis of your IT Environment Risk Assessment.

  • A list of discovered weaknesses for you to correct.

  • A set of Cyber Security Policies consistent with the Cyber Regulations for you to adopt.

  • Training for all your employees in Best Cyber Security Practices and Hygiene.

  • Certificates of Completion for each employee who takes all the training.

  • Whitepapers, checklists and application tools (e.g. Password Analyzers) to improve your internal security environment.

  • One year of Dark Web monitoring for any indications of breaches and other risks.

  • Exclusive access for your employees to ID360’s ID Check-Up Tool, allowing them to easily access reports from Credit Bureaus and other public databases.

  • At your request, filing for your limited exemption from the NY DFS Regulations, and filing all certifications.

  • Comprehensive Identity Recovery services for all employees and their families, and access to deeply discounted monitoring plans.

What does Cyber Compliant Provide?