New York DFS highlights growing cybersecurity risks during COVID-19 pandemic

NYCRR Cybersecurity Risk Assessment COVID 19

New York DFS highlights growing cybersecurity risks during COVD-19 pandemic

There has been a rise in Cybersecurity threats due to the current pandemic. To address this, as of April 13th the New York Department of Financial Services (DFS) issued guidance to all New York State regulated entities to update their existing Cybersecurity policies and curb any potential risks or threats.

The published letter acknowledges the current situation and the rise of cybercrime and activity along with the restricted conditions businesses are functioning under which exposes them to a range of risks.

Key takeaways from the industry letter issued are:

Complimentary Cybersecurity Risk Assessment

Apply Now!

    All covered entities must assess and address risk identified as “Heightened Cybersecurity risk”. Regulated entities must report to the DFS within 72 hours.

    The guidance letter lays out “3 areas of heightened Cybersecurity risk”

    1. Remote working risks

    As employees are shifted to a work from home model, companies are asked to secure VPN, implement data loss prevention programs and better protect working and communication devices.

    1. Phishing and fraud-related risks

    Educate and remind employees on phishing attempts and procedures to follow. Companies also need to add or update authentication protocols for key actions like security and wire transfers.

    1. Third-party risks

    Third-party vendors are also affected by these risks and entities should work with critical vendors to re-evaluate and ensure their vendors are adequately addressing their risk.


    The disruptive nature of current events due to COVID-19 has given cybercriminals an opportunity to exploit the situation.  The DFS suggests “companies stay vigilant by following good cybersecurity practices, entities can identify, mitigate, and manage the risks.”  

    Read the full letter here:

    These are the times when everyone needs to be extra vigilante and the industry letter highlights the importance of cybersecurity risk assessment, regulation compliance, and best practices.

    CompCiti has been helping financial institutions regulated by the DFS with 23 NYCRR 500 compliance regulation and cybersecurity services to help protect data against rising threats. In these testing times, CompCiti is extending its support to all DFS regulated entities by offering complimentary Cybersecurity Risk Assessment. Please feel free to reach-out to us at [email protected] or 212-594-4374.