NY CYBERSECURITY REGULATIONS What EVERY Organization Needs to Know
A new regulation was put in place in the state of NY and your business is required to comply, or pay fines.
Who does it apply to? ALL entities regulated by the Department of Financial Services (DFS) BUT limited exemption applies to covered entities with: Fewer than 10 NY-based employees (including independent contractors and affiliates) OR Less than $5 M in gross revenue from New York business operations OR
If you qualify for the limited exemption, you must file a notice with the DFS within 30 days of determination that you are exempt. In the event you cease to qualify as of most recent fiscal year end, you then have 180 days from fiscal year end to comply
Less than $10 million in year-end total assets Employees, agents, representatives or designees of a covered entity A covered entity that does not directly or indirectly control any information systems
Effective & Compliance Dates Transitional periods for individual parts of the regulation:
Regulation effective date: March 1, 2017
September 1, 2017
March 1, 2018
September 1, 2018
March 1, 2019
Compliance dates - color legend for requirements below
All organizations (including those with limited exemption) must: Establish a security program and implement cybersecurity policies
Limit and periodically review access privileges
Provide notice to Superintendent of a cybersecurity event
Conduct periodic risk assessments
Establish policies for disposal of nonpublic information no longer needed
Implement policies & procedures to secure information accessible to third party service providers
In addition, those who do NOT qualify for the limited exemption must also: Employ cybersecurity personnel
Develop an incident response plan
Designate a Chief Information Security Officer (CISO)
Establish multi-factor authentication Conduct penetration testing and vulnerability assessments
Train employees and monitor authorized users
Establish procedures and guidelines for in-house developed applications
Encrypt data at rest and in transit
Establish an audit trail
How do you accomplish this for your organization? Absolute Logic's CyberGuard program has the expertise and tools needed to help any organization meet the obligations of the regulation. Learn more at absolutelogic.com/cyberguard
Clients Testimonials “…provides the quality services that keeps us up and running…”
“…they are always there when you need them …”
“Our customers today require, actually they demand more than competitive prices. They want fast and efficient. And to provide that kind of service we need to rely on automation - having our network up and running every minute of every day. Absolute Logic provides the quality services that keeps us up and running so that we can serve our customers. So the question I'd ask is if you're not an Absolute Logic customer, why not? "
"When we were looking for an IT company to assist us in opening our office in 2008, we turned to Absolute Logic. Absolute was there when we needed them with professional and knowledgeable service. They drew on a deep understanding of law firms and provided accurate recommendations for what our law firm would need to open its doors and were there to make sure the opening went without hitch. They have continued as our IT services provider and provide exceptional service. If I were asked what I like most about Absolute, it would be the fact that they are always there when you need them and they provide you service without interrupting your business."
John Solovei President | Mather & Pitts Insurance
Absolute Logic
protectme@absolutelogic.com
Christopher B. Weldon, Esq. Partner | Keidel, Weldon & Cunningham, LLP
www.absolutelogic.com
855-255-1550