Authentication, Compliance and Financial Services

Defending Financial Services Against Fraud in a Shifting Cyber Landscape

Thales Cloud Protection & Licensing

NOVEMBER 13, 2023

Defending Financial Services Against Fraud in a Shifting Cyber Landscape sparsh Tue, 11/14/2023 - 05:05 As we approach International Fraud Awareness Week during 12-18 November 2023, taking stock of the evolving threat landscape and the vulnerabilities that financial services organizations face is crucial.

Financial Services

Financial Services Blockchain Encryption Cloud

IBM Cloud releases 2023 IBM Cloud for Financial Services Agreed-Upon Procedures (AUP) Report

IBM Big Data Hub

MAY 23, 2023

The review report demonstrates to its clients, partners and other interested parties that IBM Cloud services have implemented and adhere to the technical, administrative and physical control requirements of IBM Cloud Framework for Financial Services. What is the IBM Cloud Framework for Financial Services?

Financial Services

Financial Services Cloud Compliance Risk

DORA: 1 year to go! Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds

Thales Cloud Protection & Licensing

JANUARY 16, 2024

Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds madhav Wed, 01/17/2024 - 05:46 The Digital Operational Resilience Act (DORA) will apply to the EU financial sector from 17 January 2025. As set out in its Article 2, DORA applies to the entire financial services sector.

Financial Services

Financial Services Cloud Cybersecurity Encryption

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. In particular, the new rules provide that the CISO and the highest-ranking executive of the covered entities must file annually a notice of compliance with the NYDFS (500.17(b)(2)).

Financial Services

Financial Services Cybersecurity Compliance Government

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Thales Cloud Protection & Licensing

APRIL 29, 2024

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders madhav Tue, 04/30/2024 - 05:32 Trust is the currency of the digital economy. Business leaders must navigate this constantly evolving regulatory environment to maintain compliance, protect their organizations, and safeguard the trust of their customers.

Compliance

Compliance Cybersecurity Risk Manufacturing

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. Multifactor Authentication. The proposed amendments revise several aspects of the draft Cybersecurity Rule amendments released on July 29, 2022.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

The Clock is Ticking for PCI DSS 4.0 Compliance

Thales Cloud Protection & Licensing

SEPTEMBER 18, 2023

Compliance madhav Tue, 09/19/2023 - 05:17 It is essential for any business that stores, processes, and transmits payment card information to comply with the Payment Card Industry Data Security Standard (PCI DSS). According to the 2022 Thales Data Threat Report – Financial Services Edition , 52% of U.S.

Compliance

Compliance Financial Services Data breaches Encryption

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

Thales Cloud Protection & Licensing

JANUARY 11, 2023

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List. Throughout 2022, Thales hosted more than 40 webinars on a wide variety of cybersecurity topics, including, cloud security, data sovereignty, compliance, data threat trends, and rethinking approaches to role-based authentication.

Compliance

Compliance Cloud Security Financial Services

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

HL Chronicle of Data Protection

APRIL 17, 2020

Continuing its focus on COVID-19’s impact on its regulated entities, on April 13, the New York Department of Financial Services (NYDFS) released new cybersecurity guidance in response to the COVID-19 pandemic. However, this shift has created new cybersecurity vulnerabilities and expanded the endpoints that criminals can target.

Financial Services

Financial Services Risk Cybersecurity Phishing

Identifying E-signature Requirements to Accelerate Digital Adoption and Meet Global Compliance

AIIM

OCTOBER 15, 2018

In a recent AIIM webinar, Craig Le Clair, Forrester VP and Principle Analyst, and Florian Vondal, Allianz Solution Architect, took a closer look at the “esign of the times” and what must be considered when attempting to accelerate e-signature adoption enterprise-wide and meet global compliance.

Compliance

Compliance Insurance Digital transformation Authentication

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Thales Cloud Protection & Licensing

NOVEMBER 20, 2023

The IBM 2023 Cost of a Data Breach Report , for example, highlights the continuous financial burden on retailers, which, coupled with potential reputational damage, emphasizes the dire need for retailers to prioritize and bolster their cybersecurity measures. For retailers, this poses a two-pronged challenge. The benefits are twofold.

Retail

Retail Cybersecurity Financial Services Encryption

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

The Last Watchdog

JULY 11, 2023

Enforce a culture of strong passwords, two-factor authentication and responsible data access practices to foster a security-conscious culture. He has over 25 years of global leadership experience within the financial services industry, having spearheaded development across Electronic Trading, OMS, Risk, Compliance and Data.

IT

IT Encryption Risk Financial Services

Navigating the digital wave: Understanding DORA and the role of confidential computing

IBM Big Data Hub

FEBRUARY 5, 2024

The Digital Operational Resilience Act (DORA) marks a significant milestone in the European Union’s (EU) efforts to bolster the operational resilience of the financial sector in the digital age. Article 7 of the draft RTS delves into cryptographic key management, emphasizing the importance of lifecycle management for cryptographic keys.

Encryption

Encryption Data Privacy Compliance Cloud

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

This follows the FCA’s announcement in its 2020-21 business plan that payment services were one of its main supervisory priorities 1 and its temporary guidance of July 9, 2020, on prudential risk management and safeguarding in light of the COVID-19 pandemic ( Temporary COVID Guidance ). Authentication code.

Authentication

Authentication Paper Risk Insurance

NYDFS settles cybersecurity regulation matter for $1.8 million

Data Protection Report

JUNE 2, 2021

On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 The regulation includes an annual certification of compliance, to be filed with NYDFS. The regulation includes an annual certification of compliance, to be filed with NYDFS. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Financial Services Phishing

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. In the updated proposed Amendment, NYDFS has proposed narrowing the scope of the certification to material compliance.

Cybersecurity

Cybersecurity IT Compliance Financial Services

Tackling Data Sovereignty with DDR

Security Affairs

JUNE 20, 2023

Various data sovereignty challenges arise for many businesses, such as cross-border data transfers, compliance with differing data protection laws, and protecting sensitive information from unauthorized access. Organizations adopting DDR should prioritize integrating these components within their cybersecurity infrastructure.

Compliance

Compliance Cybersecurity Risk Encryption

NYDFS settles cybersecurity regulation matter for $3 million

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. Finally, the regulation includes an annual certification of compliance, to be filed with NYDFS. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Financial Services Phishing Compliance

New York SHIELD Act $600,000 settlement

Data Protection Report

FEBRUARY 8, 2022

According to the settlement agreement, the AG concluded that EyeMed’s security practices did not meet the requirements of the SHIELD Act with respect to four requirements: authentication, password management, logging and monitoring, and data retention in the email account. SHIELD Act.

Passwords

Passwords Financial Services Authentication Insurance

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

Perhaps even more concerning to EU lawmakers is how dependent society at large is on banking and other financial services. In turn, financial institutions heavily depend on ICT to be able to provide those services to begin with. Authenticity : The validity of the asset cannot be denied.

Risk

Risk Data breaches Authentication Financial Services

FFIEC Updates Its Cybersecurity Guidelines For Financial Institutions

ForAllSecure

JANUARY 31, 2023

Therefore, the FFIEC provides guidance on financial regulations and best practices for federal supervisory agencies, as well as helping them develop exam policies for banks, savings associations, credit unions, thrifts, and other financial institutions. Development Speed or Code Security. Why Not Both?

Cybersecurity

Cybersecurity IT Financial Services Risk

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity

Cybersecurity Financial Services Data breaches Insurance

NYDFS Cybersecurity Regulations: A glimpse into the future

Thales Cloud Protection & Licensing

NOVEMBER 27, 2018

The cybersecurity regulation ( 23 NYCRR 500 ) adopted by the New York State Department of Financial Services (NYDFS) is nearly two years old. Leading up to that date, companies have had to meet several milestones including hiring a CISO, encrypting all its non-public consumer data and enabling multi-factor authentication.

Cybersecurity

Cybersecurity Financial Services Encryption Data Privacy

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Third-party service provider risk management program.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

GUEST ESSAY: ‘Continuous authentication’ is driving passwordless sessions into the mainstream

The Last Watchdog

DECEMBER 6, 2022

Much more effective authentication is needed to help protect our digital environment – and make user sessions smoother and much more secure. Underscoring this trend, Uber was recently hacked — through its authentication system. The best possible answer is coming from biometrics-based passwordless, continuous authentication.

Authentication

Authentication Passwords Artificial Intelligence Financial Services

Multi-Factor Authentication Best Practices & Solutions

eSecurity Planet

OCTOBER 5, 2021

Passwords are the most common authentication tool used by enterprises, yet they are notoriously insecure and easily hackable. At this point, multi-factor authentication (MFA) has permeated most applications, becoming a minimum safeguard against attacks. Jump to: What is multi-factor authentication? MFA can be hacked.

Authentication

Authentication Passwords Access Computer and Electronics

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Data Matters

APRIL 20, 2021

A formal vendor selection program that maintains records of vendors’ responses to the questions would further strengthen the program’s maturity and the plan sponsor’s ability to demonstrate compliance with the Cybersecurity Guidance.

Cybersecurity

Cybersecurity Insurance Risk Compliance

February 15 deadline looms for first DFS Cybersecurity Certification

Data Protection Report

FEBRUARY 8, 2018

February 15, 2018, is quickly approaching and any entity subject to New York’s cybersecurity regulation (23 NYCRR Part 500) must file its first annual certification of compliance with the New York State Department of Financial Services (DFS) by that date. The certificate is to be submitted electronically at the DFS Web Portal.

Cybersecurity

Cybersecurity Financial Services Compliance Insurance

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

MARCH 28, 2022

implement stronger authentication solutions, such as multi-factor authentication. Companies can track developments on the bill here and evaluate their own health care data privacy and cybersecurity risks and compliance concerns. 45 CFR 164.308(a)(5)(i).

Cybersecurity

Cybersecurity Privacy Insurance Risk

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. Nevertheless, EyeMed certified its compliance with the Cybersecurity Regulation annually, from 2018-2021. Background.

Cybersecurity

Cybersecurity Personal data Risk Financial Services

Netsparker Product Review

eSecurity Planet

FEBRUARY 8, 2021

Across all plans, Netsparker generates clean, powerful reports that can be used to understand technical details and meet compliance requirements. Authentication support Yes Yes Yes. Compliance reports Yes Yes Yes. Financial Services: ING. Netsparker plans. Integrations with third-party platforms No Yes Yes.

Financial Services

Financial Services Compliance Sales Education

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

What authentication methods does the provider support? What compliance requirements does the provider support? Additionally, multi-factor authentication (MFA) can further reduce the risk of malicious actors gaining access to sensitive information, even if they manage to steal usernames and passwords.

Cloud

Cloud Security Encryption Risk

What is Cybersecurity Risk Management?

eSecurity Planet

FEBRUARY 11, 2022

Maintaining Regulatory Compliance. Some organizations such as financial services firms and healthcare organizations, have regulatory concerns in addition to business concerns that need to be addressed in a cybersecurity risk management system. Also read : Top Governance, Risk, and Compliance (GRC) Tools for 2022.

Risk

Risk Cybersecurity Encryption Access

NYDFS Requires COVID-19 Plans by April 9

Data Protection Report

APRIL 2, 2020

On March 10, 2020, the New York Department of Financial Services (NYDFS) issued guidance to all of its regulated institutions engaged in virtual currency business activity, requiring them to have plans for preparedness to manage the possible operational and financial risks posed by the COVID-19 pandemic.

Risk

Risk Communications Authentication Financial Services

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Hunton Privacy

AUGUST 15, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) posted proposed amendments (“Proposed Amendments”) to its Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulations”).

Financial Services

Financial Services Cybersecurity Risk Passwords

Turning Aspiration into Action to Protect Financial Institutions

Thales Cloud Protection & Licensing

DECEMBER 4, 2019

Data security professionals also make ambitious plans, but implementation rates are too low – a key finding in the 2019 Thales Data Threat Report-Financial Services Edition. Here’s a look at four common issues highlighted in the 2019 Thales Data Threat Report-Financial Services Edition and tips for overcoming them.

Financial Services

Financial Services Encryption Cloud Digital transformation

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Of particular note, the Safeguards Rule NPRM proposes to align the FTC’s requirements with those of the New York Department of Financial Services (“NYDFS”), as found in its cybersecurity regulations, and the National Association of Insurance Commissioners (“NAIC”), as found in its insurance data security model law.

Privacy

Privacy IT Information Security Insurance

New York Updates Cybersecurity Regulation for Financial Institutions

Hunton Privacy

JANUARY 3, 2017

On December 28, 2016, the New York State Department of Financial Services (“DFS”) announced an updated version of its cybersecurity regulation for financial institutions (the “Updated Regulation”). The Updated Regulation will become effective on March 1, 2017.

Cybersecurity

Cybersecurity Financial Services Authentication Information Security

New York’s Breach Law Amendments and New Security Requirements

Data Protection Report

OCTOBER 1, 2019

Biometric information that is used to authenticate or ascertain the individual identity. This change is consistent with the New York Attorney General’s position since 2017, which found that many popular websites permitted purchases to be made with credit cards without requiring security codes.

Security

Security Financial Services Passwords Risk

Integrating Long-Term Digital Preservation into Your Information Governance Program: First Steps

Preservica

NOVEMBER 6, 2017

I recently spoke with the IG director for a global financial services firm about progress in addressing long-term digital information. Leadership is aware that secure, authenticated access to digital information is vital for decision making, meeting compliance and legal requirements, and sustaining client relationships.

Digital preservation

Digital preservation Information governance Government Archiving

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

For example, the New York Department of Financial Services (‘NYDFS’) in March 2017 issued its Cybersecurity Regulation (23 NYCRR 500) (‘the NYDFS Cybersecurity Regulation’), a groundbreaking and far-reaching regulatory regime focused on financial institutions licensed in New York, including insurance companies.

Insurance

Insurance Cybersecurity Data breaches Financial Services

Doing Digital Right (A Book Review)

Information is Currency

DECEMBER 1, 2017

An example of lowering cost through improving internal products is in financial services where artificial intelligence reduce manual effort in areas such as financial advice and basic legal services. Companies are moving toward automated and continuous monitoring and the ability to report compliance at any moment.

Records Management

Records Management Artificial Intelligence e-Delivery Computer and Electronics

The Hacker Mind Podcast: Hacking APIs

ForAllSecure

JUNE 16, 2021

And in May of 2021 Researchers disclosed that the Peloton API authentication was broken. Wilde: Now, for me the storyline was interesting right so when it was reported I think in late January, it was completely open right like this is right no authentication at all because well we didn't tell anybody about it.

Authentication

Authentication Communications IoT Security

Defending Financial Services Against Fraud in a Shifting Cyber Landscape

IBM Cloud releases 2023 IBM Cloud for Financial Services Agreed-Upon Procedures (AUP) Report

Trending Sources

DORA: 1 year to go! Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

NYDFS Amends Cybersecurity Rules for Financial Services Companies

The Clock is Ticking for PCI DSS 4.0 Compliance

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

Identifying E-signature Requirements to Accelerate Digital Adoption and Meet Global Compliance

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

Navigating the digital wave: Understanding DORA and the role of confidential computing

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

NYDFS settles cybersecurity regulation matter for $1.8 million

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Tackling Data Sovereignty with DDR

NYDFS settles cybersecurity regulation matter for $3 million

New York SHIELD Act $600,000 settlement

Risk Management under the DORA Regulation

FFIEC Updates Its Cybersecurity Guidelines For Financial Institutions

New York State Expected to Increase Enforcement of Cybersecurity Practices

NYDFS Cybersecurity Regulations: A glimpse into the future

Transition period under New York Cybersecurity Regulation ends March 1, 2019

GUEST ESSAY: ‘Continuous authentication’ is driving passwordless sessions into the mainstream

Multi-Factor Authentication Best Practices & Solutions

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

February 15 deadline looms for first DFS Cybersecurity Certification

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

NYDFS settles with EyeMed for $4.5 million

Netsparker Product Review

Top 12 Cloud Security Best Practices for 2021

What is Cybersecurity Risk Management?

NYDFS Requires COVID-19 Plans by April 9

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Turning Aspiration into Action to Protect Financial Institutions

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

New York Updates Cybersecurity Regulation for Financial Institutions

New York’s Breach Law Amendments and New Security Requirements

Integrating Long-Term Digital Preservation into Your Information Governance Program: First Steps

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

Doing Digital Right (A Book Review)

The Hacker Mind Podcast: Hacking APIs

Stay Connected