Ask Tim; Cyber

REMINDER: Cybersecurity Requirements Coming Nov. 1

Abstract: There's one last deadline coming up for insurance agencies and others subject to New York's cybersecurity requirements for financial services companies regulation, Body: ​There's one last deadline coming up for insurance agencies and others subject to New York's cybersecurity requirements for financial services companies regulation, By November 1 of this year, all businesses covered by the regulation must implement policies and procedures to create and maintain inventories of their computerized assets. We have created a Microsoft Excel workbook for members to download and use to meet this requirement.Also by November 1, all covered entities must implement multi-factor authentication for all remote access to the agency's…

Continue ReadingREMINDER: Cybersecurity Requirements Coming Nov. 1

DFS Urges Cyber Precautions Due to World Events

Abstract: The New York State Department of Financial Services (DFS) today advised all entities it regulates to prepare for increased risks of cyber attacks resulting from recent global conflicts. Body: ​The New York State Department of Financial Services (DFS) today advised all entities it regulates to prepare for increased risks of cyber attacks resulting from recent global conflicts. The industry letter appears to have been prompted by the entry over the weekend of the United States into the conflict between Israel and Iran.Parts of the letter focused on laws and regulations pertaining to virtual currencies and U.S. sanctions against certain countries. Much of it discussed…

Continue ReadingDFS Urges Cyber Precautions Due to World Events

Reporting Cybersecurity Incidents

Abstract: The New York financial services cybersecurity regulation requires you to notify the state Department of Financial Services if you are victimized by cyber criminals. Body: ​It is always possible that your agency – or one of the third-party service providers (TPSPs) the agency works with – will be victimized by cyber criminals. If that happens, the New York financial services cybersecurity regulation requires you to notify the state Department of Financial Services (DFS.) While you're attempting to limit and repair the damage, these are some questions that might come up:What is a “cybersecurity incident"?The regulation defines that term in two parts. The first is…

Continue ReadingReporting Cybersecurity Incidents