More than a Risk Assessment
You may focus on physical security, but how much do you think about your cyber security hygiene? Criminals tend to be after the same thing: a large payout of someone else’s money. Pickpockets scope out the target they think is carrying the most cash or valuables before striking. Bank robbers learn the movements of money to maximize their payout and reduce their risk of being caught. As currency moves into the digital realm, so do the criminals. In 2018, finance and insurance were the most heavily targeted industries. Why? Money. While the means of theft evolve, one truth remains the same: if you control people’s money, you are a target.
It’s time for a change in your security hygiene
The New York Department of Financial Services (NYDFS) recognizes the havoc cybercriminals are wreaking on the financial industry. It is leading the nation in requiring the industry to become more cyber secure at all levels. Larger companies have higher standards to uphold to protect their larger client base. However, even small companies must set up basic cybersecurity and provide proof of compliance. Why? Cyber criminals know small and medium-sized companies tend to have weaker security in place, making them a perfect target. In fact, according to Verizon’s Data Breach Report, 43% of cyber-attacks targeted small businesses.
IT manages our cyber risk, right?
This is where many insurance brokers and organizations fall into a false sense of security. Most IT departments or Managed Service Providers (MSPs) are focused on technology and data access. They don’t know whether you are conducting cyber security awareness training for your employees or whether you have appropriate security measures in place for vendors.
NYDFS wants businesses to move to a holistic and vigilant approach by building a cyber resilient culture that goes beyond technology. To outpace the cyber criminals, you must improve the security hygiene within your company so that it covers your people, processes, technology and vendors.
Compliance starts with knowing your risk across your organization
All financial services companies, regardless of size, must do the following to design and implement a cybersecurity program that meets the regulation.
- Conduct a proper risk assessment that covers 14 topics around people, processes, technology and vendors.
- Make sure you have policies, procedures, and documentation that cover the 14 areas.
- NYDFS requires documentation for several plans. Check with your IT department and/or IT provider to make sure these plans are in place before a cyber breach occurs:

| Plan | Purpose |
|---|---|
| Risk Management Plan | Outlines what you are doing to prevent cybercrime, improve cybersecurity and information protection, and reduce cyber risk |
| Incident Response Plan | Details actions to respond to an incident across your organization |
| Disaster Recovery Plan | Details actions to minimize and recover from a breach across your organization |
| Breach Notification Plan | Defines who you need to notify, when to notify and how to notify to avoid penalties and limit liabilities |
Lacking resources, time and expertise to get NYDFS Reg 500 compliant?
CyberCompass® is automated, cloud-based compliance software with built-in expertise that translates NYDFS government requirements into layman’s terms. It does most of the heavy lifting for your risk assessment, analysis, remediation and compliance documentation, including updated policies and procedures and all the required plans. There is no software to download or install, and it can be accessed anywhere. Click here for a quick video about how CyberCompass® works with NYDFS compliance.
Don’t let cyber uncertainty keep you from protecting your business and your clients. Contact one of our distributors today and see how we can prepare you for the NYDFS deadline and best protect your clients and business.