All covered entities must assess and address risk identified as “Heightened Cybersecurity risk”. Regulated entities must report to the DFS within 72 hours.
The guidance letter lays out “3 areas of heightened Cybersecurity risk”:
As employees are shifted to a work-from-home model, companies are asked to secure their VPNs, implement data loss prevention programs, and better protect working and communication devices.
Educate and remind employees on phishing attempts and procedures to follow. Companies also need to add or update authentication protocols for key actions like security and wire transfers.
Third-party vendors are also affected by these risks, and entities should work with their critical vendors to re-evaluate and ensure that those vendors are adequately addressing the risks.
The disruptive nature of current events due to COVID-19 has given cybercriminals an opportunity to exploit the situation. The DFS suggests “companies stay vigilant by following good cybersecurity practices, entities can identify, mitigate, and manage the risks.”
Read the full letter here: https://www.dfs.ny.gov/industry_guidance/industry_letters/il20200413_covid19_cybersecurity_awareness
These are the times when everyone needs to be extra vigilant, and the industry letter highlights the importance of cybersecurity risk assessment, regulatory compliance, and best practices.
CompCiti has been helping financial institutions regulated by the DFS with 23 NYCRR 500 compliance and cybersecurity services to help protect data against rising threats. In these testing times, CompCiti is extending its support to all DFS-regulated entities by offering a complimentary Cybersecurity Risk Assessment. Please feel free to reach out to us at [email protected] or 212-594-4374.