New York’s DFS Cybersecurity Regulations in a Nutshell

Published by Guest Writer on March 21, 2017
Categories
  • Blog
Tags
  • Cybersecurity
  • Industry Regulation

The NY Department of Finance recently cast stringent and wide-reaching Cybersecurity regulations on banks, insurance companies, other financial services institutions, and anyone that does business with these types of entities in the state of New York. We break down the new DFS Cybersecurity Regulations and what they mean for your vendor risk management program.

Recent high-profile data breaches affecting the financial and healthcare sectors highlight the unexpected or unintended consequences that can arise when organizations outsource IT, support and processing activities.

The new regulatory requirement 23 NYCRR 500 mandates that organizations must manage risks commensurately with the level of complexity, as well as the risks inherent in each third-party relationship.

WHAT YOU NEED TO KNOW ABOUT THE NEW DFS CYBERSECURITY REGULATIONS

In summary, the law requires all business institutions to prove that they have:

  • Established a Cybersecurity Program
  • Adopted relevant Cybersecurity Policies and Procedures
  • Hired and empowered a Chief Information Security Officer
  • Implemented governance measures for Cybersecurity risks of Third-Party Service Providers, Partners, and Customers

The legislation is effective as of March 1st, 2017, and compliance is mandatory within 180 days. New York State has issued a list of frequently asked questions (FAQs) covering compliance and exceptions.

For companies it basically says, “make sure your vendors are secure, that they securely access your data, and that their third parties and vendors are compliant, too.” Managing your vendors is a challenge; fourth-party management is an even bigger hurdle to overcome given the current landscape and available solutions.

WHAT DOES THIS MEAN FOR YOUR VENDOR RISK MANAGEMENT PROGRAM?

We at ThirdPartyTrust are singularly focused on third party risk management. As such, let us highlight what this means for your vendor risk management program.

You will be required to:

  • Perform a thorough risk assessment of third-party service providers
  • Define minimum security expectations and requirements for third parties
  • Perform due diligence to confirm that your third parties, and their third parties, are following those requirements
  • Perform periodic security assessments of third parties
  • Use multi-factor authentication for third-party access
  • Use encryption in transit and at rest
  • Require third parties to notify your company of real or suspected security issues

Ultimately, the use of third-party suppliers and outsourcing will not absolve organizations of responsibility for that risk, nor will it allow a security breach to be deflected onto the outsourced entity. Violations can be assessed as “willful misuse” carrying fines of $50,000 or more per instance.

WHAT’S NEXT?

For many companies, the process of gathering and managing third party risk profiles is laborious and time-intensive, with spreadsheets and file cabinets being the historical method of choice. Gleaning insights and patterns from this information is difficult, at best. However, there are tools and frameworks available to make this easier for organizations and their third party vendors. 

It’s clear that regulators are now requiring all companies to stay actively apprised of their third-party entities’ cyber risk profiles and methods. Establishing a line of sight with each third-party entity’s Vendor Management and/or Compliance department is even more difficult. Similarly, establishing a formalized framework for acquiring third-party cyber risk intelligence is extremely difficult.

Regardless of the difficulty, the regulators will hold you accountable, and the penalties will carry hefty monetary fines (as well as adverse effects to your reputational and operational risk).

It is imperative that organizations implement a controllable, pragmatic risk management strategy. The most efficient strategy incorporates converged practices, collaboration, and relationship building at the third and fourth party levels. This strategy applies for domestic dependencies as well as global dependencies, where the challenge of managing third party security is compounded by distance, legal, and cultural variables.
