Financial institutions & services are the main targets for hackers these days. It’s increasingly becoming a problem year after year. With the increasing occurrence of cybersecurity attacks, new regulation proposals are in work (23 NYCRR500 compliance). It needs all financial institutes & services in NY to authenticate their cybersecurity preventative measures in the form of a report known as Certification of Compliance. 

The objective of this regulation is to protect private & sensitive data of consumers from illicit individuals who can utilize it in a spiteful way, such as holding back the info for reimbursement (ransomware attack) or making use of the sensitive data to conduct an offense, for example, securities scams or funding a terrorist union. However, some entities don’t have to abide by these regulations, for example, entities with fewer than ten workers, including autonomous contractors. 

23 NYCRR 500 Compliance has many requirements that financial institutions in NY should abide by. Here are some of the major requirements:

Set up a Cybersecurity program:
The program should include guidelines for how they’ll spot cybersecurity occurrences, detect risks, and how the policies and procedures will be implemented to thwart unlawful access to company and consumer data. 

Appoint a CISO (Chief Information Security Officer):
Financial entities that are regulated should appoint a Chief Information Security Officer who’ll be accountable for implementing the cybersecurity program, imposing its guidelines, and supervising the program. The officer should report critical info like the summary of cybersecurity events, recognition of cyber vulnerabilities, and information systems privacy evaluations, to the board a minimum of two times a year. 

Set up 3rd-party specific guidelines:
It is critical for covered entities to prepare guidelines that are precise to compliance procedures for 3rd parties, such as affiliates or vendors. 

Training:
Ransomeware & DDoS attacks are an increasing cause of concern for businesses, both large and small. This is why training employees is a critical part of the compliance regulation, particularly since study shows that the majority of sources of cyber breaches can be accredited to workers & third parties who’ve access to company and consumer data. Hence, training is an essential component of the requirements of 23 NYCRR 500. 

Have a cybersecurity program:
The program should be written & encompass a wide range of guidelines and procedures that at least include measures such as risk assessments, the confidentiality of consumer data, network monitoring and security, alongside a plan for conducting the business in the occurrence of a disaster.

Disclaimer: This content is created and provided by a third-party online content writer on behalf of CompCiti, and is for commercial purposes only. CompCiti does not take any responsibility on the accuracy of this article.

Source From: https://23nycrrpart500.wordpress.com/2020/01/25/23-nycrr-500-what-you-need-to-know/