Blog

NYC NYDFS 23 NYCRR 500 Cybersecurity Event A Big Success

The third in a series of NYDFS 23 NYCRR 500 roadshow events, held at PwC in New York, NY on May 18, 2017, was a great success as a room full of executives, legal, IT and security professionals discussed ways to help financial services organizations meet the new cybersecurity regulations that went into effect on March 1, 2017. "Pathway to compliance with NYDFS Part 500" was part of a continuing series of forums to help entities regulated by the New York Division of Financial Services (NYDFS) comply with a strict and wide-ranging regulation.

The event started with Joe Nocera, PwC principal and Cybersecurity Financial Services Industry Leader, giving an overview of 23 N.Y.C.R.R. Part 500 and many of its implications for financial institutions doing business in New York. Joe talked about some anticipated challenges in meeting the requirements for encryption of nonpublic information, multi-factor authentication, incident reporting and annual certification. While the technologies and processes to meet these requirements are not new, there are a lot of questions about how to do it. For example, is using end-point encryption good enough to protect data at rest and in transit? What happens when you email a file with nonpublic information from your PC to someone else? The file is no longer encrypted, so you are vulnerable.

Are You Prepared to Combat Insider Threats?

Insider threats exist everywhere and are tricky to detect and deter. Privileged users can pose a greater threat to your business than hackers, since they already have access to your critical business data. If a user has legitimate access to sensitive data, that person may accidentally or deliberately share it with unauthorized people inside and outside of your business. Trying to differentiate between legitimate data sharing and malicious activity is difficult.

Users need to share sensitive documents with colleagues, business partners and customers regularly. Technology makes it easy to share massive amounts of confidential data with a click or tap through email, file sync and share services, or portable media. If a user regularly accesses sensitive information for her job, how do you stop that person from leaking that data to unauthorized people?