Authentication, Financial Services, Information Security and Insurance

NYDFS settles cybersecurity regulation matter for $1.8 million

Data Protection Report

JUNE 2, 2021

On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Financial Services Phishing

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

These recommendations are further detailed below, but two to note in particular: The Advisory recommends that organizations “require multi-factor authentication for all users, without exception.” Require multi-factor authentication (MFA) for all users.

Cybersecurity

Cybersecurity Financial Services Authentication Government

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

This follows the FCA’s announcement in its 2020-21 business plan that payment services were one of its main supervisory priorities 1 and its temporary guidance of July 9, 2020, on prudential risk management and safeguarding in light of the COVID-19 pandemic ( Temporary COVID Guidance ). Authentication code.

Authentication

Authentication Paper Risk Insurance

Oracle Critical Patch Update for January 2022 will fix 483 new flaws

Security Affairs

JANUARY 17, 2022

.” The CPU will address critical vulnerabilities in Oracle Essbase, Graph Server and Client, Secure Backup, Communications Applications, Communications, Construction and Engineering, Enterprise Manager, Financial Services Applications, Fusion Middleware, Insurance Applications, PeopleSoft, Support Tools, and Utilities Applications.

Communications

Communications Financial Services Big data Retail

New York SHIELD Act $600,000 settlement

Data Protection Report

FEBRUARY 8, 2022

In total, information for approximately 2.1 According to the settlement agreement, the AG concluded that EyeMed’s security practices did not meet the requirements of the SHIELD Act with respect to four requirements: authentication, password management, logging and monitoring, and data retention in the email account. SHIELD Act.

Passwords

Passwords Financial Services Authentication Insurance

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity

Cybersecurity Financial Services Data breaches Insurance

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Data Matters

APRIL 20, 2021

DOL guidance provides a series of questions that should serve as a starting point for this review and includes topics such as the service provider’s information security standards, track record, cybersecurity insurance coverage, and cybersecurity validation techniques.

Cybersecurity

Cybersecurity Insurance Risk Compliance

NYDFS settles cybersecurity regulation matter for $3 million

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. NSC), relating to violations of three different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2020. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Financial Services Phishing Compliance

A massive phishing campaign using QR codes targets the energy sector

Security Affairs

AUGUST 16, 2023

Other top 4 targeted industries include Manufacturing, Insurance, Technology, and Financial Services seeing 15%, 9%, 7%, and 6% of the campaign traffic respectively.” Experts warn that the Energy sector was a major focus of this campaign, followed by manufacturing, and insurance. ” continues the report.

Phishing

Phishing Energy and Utilities Insurance Manufacturing

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

The Safeguards Rule specifies that financial institutions subject to the FTC’s jurisdiction must develop, implement, and maintain a comprehensive information security program for handling customer data. Aligning the Safeguards Rule with State Regimes.

Privacy

Privacy IT Information Security Insurance

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. The settlement requires EyeMed to pay $4.5 million, among other things. Background.

Cybersecurity

Cybersecurity Personal data Risk Financial Services

February 15 deadline looms for first DFS Cybersecurity Certification

Data Protection Report

FEBRUARY 8, 2018

February 15, 2018, is quickly approaching and any entity subject to New York’s cybersecurity regulation (23 NYCRR Part 500) must file its first annual certification of compliance with the New York State Department of Financial Services (DFS) by that date.

Cybersecurity

Cybersecurity Financial Services Compliance Insurance

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

Finally, the plan must require evaluation and revisions to it as necessary following a security event. Chief Information Security Officer (“CISO”). Specific information security measures. The proposed Rule is much more detailed in terms of security measures that FIs must implement.

Privacy

Privacy Risk Cybersecurity Information Security

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

Data Matters

AUGUST 17, 2021

On August 11, 2021, the Federal Financial Institutions Examination Council (FFIEC)1 issued guidance establishing risk management principles and practices to support the authentication of users accessing a financial institution’s information systems and customers accessing a financial institution’s digital banking services (the Guidance).

Authentication

Authentication Access Risk Financial Services

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

FEBRUARY 25, 2019

The IAM vendors took single sign-on to the next level, adding multi-factor authentication and other functionalities. Our customers all have the pain point of wanting to have single sign-on for multiple applications, requiring capabilities like self-service and self-registration,” Curcio told Last Watchdog.

Access

Access Government Authentication Data breaches

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Information security is not yet a science; outside of the handful of issues falling under the field of cryptography, there is no formalized system of classification. The most prepared cybersecurity programs of today will not attempt to implement a static, “out-of-the-box” solution to cyber risk. Principle 5.

Cybersecurity

Cybersecurity Risk Passwords Authentication

President Trump Signs Financial Services Regulatory Reform Legislation

Data Matters

JUNE 5, 2018

The definition of “banking entity” now excludes insured depository institutions (and their parent companies and affiliates) if (i) the institution has less than $10 billion in total consolidated assets and (ii) the institution’s trading assets and liabilities are less than 5 percent of its total consolidated assets.

Financial Services

Financial Services Insurance Privacy Authentication

Information Management Today

NYDFS settles cybersecurity regulation matter for $1.8 million

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Trending Sources

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Oracle Critical Patch Update for January 2022 will fix 483 new flaws

New York SHIELD Act $600,000 settlement

New York State Expected to Increase Enforcement of Cybersecurity Practices

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

NYDFS settles cybersecurity regulation matter for $3 million

A massive phishing campaign using QR codes targets the energy sector

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

NYDFS settles with EyeMed for $4.5 million

February 15 deadline looms for first DFS Cybersecurity Certification

Transition period under New York Cybersecurity Regulation ends March 1, 2019

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

An Approach to Cybersecurity Risk Oversight for Corporate Directors

President Trump Signs Financial Services Regulatory Reform Legislation

Stay Connected