A Message from the Big I NY Chair of the Board on the “NY-HERO Act”

Earlier this week, I and members of the Big I NY board and staff joined employer groups from virtually every sector of the economy at a press conference to voice concerns with the “NY HERO Act”, a bill mandating new workplace airborne infectious disease rules and regulations. The bill has now passed both the Senate and Assembly, and will soon head to the Governor's desk. The intent of this bill is noble – protecting workers from airborne diseases. But the reality for employers, particularly small businesses, is more crushing red tape, bureaucracy, and liability. Broadly speaking, the bill mandates the Department of Labor (DOL) to implement sweeping…


Penetration Testing Not Required For Limited Exempt Agencies

We want to reaffirm to those of you who have limited exemptions under the New York cybersecurity regulation that it does not require you to perform network penetration testing. Some members have reported to us emails sent by a cybersecurity services vendor. These messages stated that the New York State Department of Financial Services (DFS) is requiring all entities covered under the regulation, Cybersecurity Requirements for Financial Services Companies, to perform regular penetration testing of their computer networks. The vendor has said that DFS is requiring covered entities to do this, regardless of their size. The regulation defines "covered entity" as "any individual or any non-governmental entity operating under or required…


Industry Roundup: April 22nd

The Basic Cybersecurity Controls That Every Company MUST Have

When it comes to cybersecurity, don't underestimate the importance of basic controls. You and your employees are exposed in the pandemic-induced work from home environment to new cyber risks, raising the stakes for cyber best practices and education. Cyber criminals seek out the lowest hanging fruit. They're attacking organizations without the most basic controls, such as those with insecure remote desktop protocol (RDP) and those that lack multi-factor authentication (MFA) for remote access or administrative access into corporate networks. Make sure your agency is promoting basic cybersecurity measures.

Employee Benefits in 2021: 3 Trends for the 'Next Normal'

Employee…
