Tag: regulations

Fasoo Sponsors NYDFS 23 NYCRR 500 RoadshowOn March 1, 2017 new sweeping cybersecurity regulations from the New York State Department of Financial Services (NYDFS) took effect.  The NYDFS 23 NYCRR 500 regulations affect thousands of regulated financial institutions that do business in New York as well as thousands of Third Party Service Providers that support those financial institutions, world-wide.  The regulations add to the complexity that financial institutions already face in developing and implementing their comprehensive information security programs.  They also bring with them challenges and uncertainty as organizations implement new tools and practices designed to protect customer and company information.

In response to this sea-change, Fasoo is sponsoring a roadshow across three major markets in New York (Rochester, Buffalo and NY city) to help affected organizations comply with the new regulations.  The highlight of the roadshow will be a keynote by Dr. Larry Ponemon of the Ponemon Institute reviewing a study sponsored by Fasoo to gauge industry readiness and reaction to the new regulations.

The roadshow brings together experts in cybersecurity, insurance, law, corporate governance, risk management and compliance to help audience members prepare for implementing and managing these new regulations that will surely expand to other states and industries.

If you are in one of these cities during the week of May 15, 2017, please join Fasoo and its partners (see below) for one of these exclusive events.

Rochester, NY – May 16, 2017  8:00 AM – 10:00 AM
Harter Secrest & Emery LLP, 13th Floor
1600 Bausch & Lomb Place
Rochester, New York 14604
To learn more and register, please click here.

Buffalo, NY – May 17, 2017  8:00 AM – 10:00 AM
Phillips Lytle LLP
One Canalside
125 Main Street
Buffalo, NY, 14203
To learn more and register, please click here.

New York, NY – May 19, 2017 8:00 AM – 2:00 pM
300 Madison Avenue
New York, NY 10017
To learn more and register, please click here.

NYDFS 23 NYCRR 500 roadshow sponsors
Ponemon Institute
Harter Secrest & Emery, LLP
Brite Computers
GreyCastle Security
Lawley Insurance
Phillips Lytle LLP
Freed Maxick

Is your board of directors prepared for a cyber attack?Another day, another cyber attack.  Just in the last few weeks we have seen headlines about a major data breach at Yahoo announced, accusations that the Russian government interfered with the US presidential election and the E-Sports Entertainment Association suffered a breach of over a million records.

Despite the potential harm from such attacks, there is a general consensus that boards of directors are not taking the necessary actions to defend and protect their companies from these attacks.  The problem is that many people in leadership positions do not understand the real problems and consequences of a cyber attack and do not have enough understanding of cybersecurity risks and how to mitigate them.

“Our country and its businesses and government agencies of all sizes are under attack from a variety of aggressive adversaries and we are generally unprepared to manage and fend off these threats,” said Gartner analyst Avivah Litan.

“Some organizations do a better job than others, but those efforts are almost always led by CIOs, CISOs or business line managers and not by corporate boards, CEOs and executive management throughout government and the private sector,” Litan added.

The National Association of Corporate Directors (NACD) recently released a survey of more than 600 corporate board directors and professionals that found only 19% believe their boards have a high level of understanding of cybersecurity risks. That’s an improvement from 11% in a similar poll conducted a year earlier, but nowhere near the levels needed to protect businesses and their customers.

Fortunately things are beginning to change as legislation and regulations are finally catching up to the realities of the business world.  While most of the states in the US have laws requiring data breach notification, federal laws are slow to catch up.  A number of US senators have backed breach notification laws, but no bills have passed congressional muster.  It will be interesting to see if things change under President Trump given the increasingly negative affects of cyber attacks.

Proposed regulations in New York by the Department of Financial Services (DFS) are an example of states trying to increase protection of sensitive information and hold senior leadership accountable.  The proposed 23 NYCRR 500 Cybersecurity Requirements for Financial Services Companies requires the board of directors or a Senior Officer to certify that they are in compliance with these regulations.  The regulations call for a cybersecurity plan, encryption of non-public data, access controls and audit trails of activities.  The goal is to increase the security posture of financial institutions to protect confidential information.

“Having a requirement to disclose is a great motivator to increase security to prevent future attacks,” Litan said. “No one wants their names in the news. That’s what corporate directors are most worried about, in fact.”

Education at the board level is of paramount importance to help directors understand the risk they face from cyber attacks.  Just like a board needs to understand the risk from competitors, fire, theft, litigation and currency fluctuation, they must understand how to mitigate the risk of cyber attacks.  Regulations like those proposed in New York are the beginning of this process and boards must now understand that they will be personally liable if they do not comply.

Book a meeting