Complying with Latest Amendments to NYDFS Cybersecurity Regulations
On November 1st, 2023, the New York Department of Financial Services (NYDFS) released the Second Amendment to its Cybersecurity Regulation, 23 NYCRR Part 500. Unless otherwise specified, covered entities have 180 days from the date of adoption, or until April 29, 2024, to come into compliance.
For many covered entities, there are significant changes that they should be aware of, including:
- Covered entities must increase their use of multi-factor authentication (MFA), maintain an asset inventory, and operationalize policies through developed procedures.
- Expansion of when cybersecurity incidents require NYDFS notice, including after extortion payments have been made and after deployment of ransomware.
- Senior officers must have sufficient knowledge to oversee the company’s cybersecurity program, and both the CISO and the highest-ranking executive must certify compliance annually.
What do these now-final changes mean for financial institutions? Perhaps more than you may think. Banks, credit unions, and other financial entities will need to review and, in some cases, revamp certain parts of their cybersecurity programs and policies. Failing to do so could result in falling out of compliance.
In this webinar, we will be highlighting the importance of MFA as a vital security measure that numerous organizations have been aware of but may not have fully implemented.
What You’ll Learn in this Webinar:
- The ins and outs of the new, finalized second amendment to the Cybersecurity Regulation
- The impact of the amendment on your financial institution
- How to provide MFA for all key applications and remove the need for exceptions
- How to roll out MFA promptly to minimize gaps in coverage
- How to provide MFA for in-scope use cases like remote access, privileged accounts, access to PCI, and third-party access to nonpublic information
- Best practices for staying nimble and up to date on changing cybersecurity regulations