Beginning this month, the New York State Department of Financial Services (NYS DFS) is requiring all licensed organizations to “implement a robust cybersecurity plan that protects their business as well as non-public client information…” Title 23/Section 500 requires all organizations (regardless of size) to comply and file accordingly.
But you’re not licensed in New York, so you’re all set… Right? Maybe… Question: If the brakes on your car weren’t working, would you get them fixed? Would it matter if the repair wasn’t mandatory?
It’s not news that security agencies have been closely monitoring growing threats posed to private corporate information technology systems by nation-states and criminal actors. Cybercriminals continue to exploit technological vulnerabilities, gaining access to sensitive electronic data, and causing significant financial losses for businesses and consumers whose private information may be stolen and used for illicit purposes.
Businesses today require minimum standards in cybersecurity. If your company isn’t prepared to make the investment proactively, the reactive approach will absolutely cost more. As many business leaders can attest, cleaning up after a cyberattack can cripple an organization.
So how close are you to “minimum standards”? According to the NYS DFS, that question is answered in this easy-to-read (not really!) 15-page policy document.
Truth be told, our clients don’t pay much attention to arbitrary minimum standards set by State Regulators or agency watch groups – that’s our job! Our clients keep their focus at a higher level. Maintaining a “holistic view” of their technology systems and cybersecurity packages, they expect these tools will meet their operational and strategic goals, and keep them safe and compliant by nature.
Here are some questions we recommend leadership ask in order to maintain a healthy approach to cybersecurity:
- Are you working with (and following the advice of) a trusted IT adviser?
- Does your team receive regular security training?
- How often are your backup systems tested?
- How disciplined is your approach to patch management and security updates?
- Is everything in your environment documented and accessible?
- How much ‘human intervention’ is necessary for complete recovery?
- To the very best of your capabilities & resources, is your business protecting itself and its IT assets?
Your bottom line, your reputation, your brand, your ability to do business – all hinge on how effectively you protect your technology. From non-public client data and valuable internal documents to sensitive emails and confidential materials, the assets and information stored within your network are quite valuable to your business, and to others.
At Mindcore, we believe a holistic approach to cybersecurity means understanding the strategic needs and risks within your business in order to design a comprehensive and proactive solution. We understand there are some organizations willing to get by on minimums, but our clients don’t share this thought process. Our clients seek competitive advantage and IT solutions matched to their operational needs, and they consequently demand more from their technology partner. We’re happy to deliver!
We’d love to know your thoughts on the new NYS DFS cybersecurity regulations and learn how you protect your business interests. Visit our LinkedIn page and leave a comment.