DFS: Implement Multi-Factor Authentication Even If Not Required

The New York State Department of Financial Services (DFS) is urging the entities it regulates to implement multi-factor authentication (MFA) in their cybersecurity programs, regardless of their size. The statement came in an industry letter posted to the department's website on Dec. 7. If your agency is not already using MFA, you may want to consider implementing it soon. While stopping short of amending the Cybersecurity Requirements For Financial Services Companies regulation to require all entities it regulates to implement MFA, the letter declared, "Effective implementation of the Regulation's MFA requirement is one of the most potent ways to reduce cyber risk." MFA is "an authentication method that requires…


DFS Warns Against Microsoft Exchange Security Holes

The New York State Department of Financial Services (DFS) has warned all entities it regulates about newly discovered security vulnerabilities in the Microsoft Exchange Server software. The department advised all entities to take immediate actions to address the problem. The DFS regulates banking, financial services, and insurance organizations doing business in New York. If your agency is running this software, you may be at risk of having suffered a data breach already or of having one in the future. Agencies that use a cloud-based hosting service for email should not be affected. In a letter dated March 9, the department relayed Microsoft's report that it had found four…


DFS: Hackers Targeting Websites That Offer Instant Insurance Quotes

The New York State Department of Financial Services today issued a warning of a "systemic and aggressive campaign to exploit cybersecurity flaws" in websites that provide instant insurance quotes. The department urged all entities that it regulates, if they have instant quote websites, to review them for evidence of hacking. The alert, which DFS emailed to regulated entities and posted on its website today, said that two auto insurers reported attempts by cybercriminals to steal unredacted driver's license numbers. These insurers offer instant quotes for auto insurance on their sites. The New York Cybersecurity Requirements For Financial Services Companies regulation requires "covered entities" to report certain…
