It's fair to say that what happens in New York affects the entire world. Thousands of companies make their home there, and some of them — Goldman Sachs, JP Morgan Chase, American Express, Citigroup, and others — can affect the economies of entire regions with the flick of a pen. Therefore, it's safe to say that a new cyber security regime, affecting companies under the governance of New York's Department of Financial Services (DFS), would have potentially global ramifications.
This regulation, known simply as the "DFS Cyber Security Compliance," took effect on August 28th, 2017. Safe-T has been following this regulation since it was proposed last year. From the beginning, we've known that it represents a sea change in state-level cyber security regulations, presenting a model for other states in the nation to follow.
What Does the DFS Cyber Security Compliance Entail?
As a brief recap, the DFS Cyber Security Compliance is intended to force banks and financial institutions in New York to beef up their security operations. As such, the DFS Cyber Security Compliance mandates a number of important activities for companies to perform on a regular basis, including:
- Risk assessments and penetration testing once a year
- Vulnerability assessment once a quarter
- Ongoing security awareness training
- Mandatory incident response planning
- Compliance with current best practices for authentication, encryption, and access
- Detailed record keeping
To be fair, much of this new compliance standard simply codifies what is currently regarded as best practice for information security. As much as these standards are common sense, however, a startling number of companies still fail to follow them — a recent survey shows that 58% of companies have no idea how well their current SecOps investments actually translate into the ability to guard against cyberattacks.
Why is the DFS Regulating Cyber Security? Why Now?
There are two big reasons why it makes sense for the state of New York to personally step in when it comes to cyber security enforcement regarding its financial companies.
- New York is the world's financial capital, and it wants to stay that way:
Following a few incidents over the years, in which Goldman Sachs, JP Morgan, American Express, and other companies have suffered embarrassing data breaches, New York wants to reassure the citizens of the world that it's a safe haven for their money. This means making sure that New York's financial companies follow cyber security best practices.
- There's a gap in cyber security enforcement for financial companies:
The DFS press release announcing the start of the DFS Cyber Security Regulation specifically points to "federal cyber security policy lacking for the financial services industry." In other words, there's no robust guidance from the head of the government that forces the financial industry to comply with commonsense protections.
As the headquarters of many of the world's largest financial companies, New York is essentially creating a cyber security policy that will affect the entire industry. Not only that, the state is also setting an example for other states that wish to follow its lead and enact their own cyber security guidelines.
Get Ready for the DFS Cyber Security Compliance with Safe-T
The DFS regulation may seem like it applies to a small universe of companies, until you realize that it also covers, de facto, every third-party vendor that provides services to these companies. In other words, it may be time to quickly check who your customers are and what may be expected of you.
Fortunately, Safe-T lets companies bring themselves into compliance with nearly any governance regime imaginable. Encrypting files, providing access controls, and leaving an audit trail are just a click away with the easy and flexible dashboard provided by Safe-T. Learn more about our organization and how we can help you get ready for any upcoming compliance requirements — download our Software-Defined Access white paper today!