Cybersecurity, Data, Data breaches and Financial Services

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. Some requirements also apply specifically to larger covered entities falling under the “Class A companies” category.

Financial Services

Financial Services Cybersecurity Compliance Government

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S. Healthcare Data Privacy Laws.

Data Privacy

Data Privacy Compliance Privacy Security

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

On July 25, 2019, Governor Cuomo signed the two bills into law, one which amended the state’s data breach notification law, and another that created additional obligations for data breaches at credit reporting agencies. The Stop Hacks and Improve Electronic Data Security Act.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Late last year, Atrium Health disclosed it lost sensitive data for some 2.65 The culprit: lax practices of a third-party data and analytics contractor. Related: Atrium Health breach highlights third-party risks. There is impetus for change – beyond the fear of sustaining a major data breach. Uphill battle.

Risk

Risk Financial Services Insurance Cybersecurity

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

2020 could well be a year of data export turmoil – so brace yourself! Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs.

Privacy

Privacy GDPR Data breaches Risk

Cybersecurity: Managing Risks With Third Party Companies

Cyber Info Veritas

JULY 19, 2018

Did you know that 63% of all data breaches are directly or indirectly linked to third party companies? Benjamin Lawsky, “ A company’s cybersecurity is only as strong as the cybersecurity of its third-party vendors ”. Let us get started with how third-party data breach occurs. What data do they use?

Risk

Risk Cybersecurity Compliance Data breaches

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

2020 could well be a year of data export turmoil – so brace yourself! Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs.

Privacy

Privacy GDPR Data breaches Risk

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

For many organizations, the idea of storing data or running applications on infrastructure that they do not manage directly seems inherently insecure. According to IDC’s 2021 State of Cloud Security Report , 79 percent of surveyed companies reported a cloud data breach in the last 18 months. What is cloud security?

Cloud

Cloud Security Encryption Risk

Summary – “Industry in One: Financial Services”

ARMA International

NOVEMBER 7, 2019

The scope of a records and information management (RIM) program in financial services can seem overwhelming. Compared to other industries, the complexities of managing records and information in financial services are arguably some of the toughest to solve, primarily because of the intense regulatory scrutiny.

Financial Services

Financial Services Communications Compliance Risk

New York’s Breach Law Amendments and New Security Requirements

Data Protection Report

OCTOBER 1, 2019

New York was among the majority of states whose breach law focused on acquisition of personal data (including Social Security Number, driver’s license number, or credit card number and security code). Data Security Protections. by a person without valid authorization or by an unauthorized person. Law § 899-bb).

Security

Security Financial Services Passwords Risk

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

KnowBe4

JUNE 20, 2023

1 Root Cause of Data Breaches Verizon's DBIR always has a lot of information to unpack, so I'll continue my review by covering how stolen credentials play a role in attacks. So, what does the report say about the most common threat actions that are involved in data breaches? million simulated phishing security tests.

Data breaches

Data breaches Phishing Security awareness Ransomware

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Recent guidance from the Securities and Exchange Commission (SEC) on disclosure and enforcement actions by the Federal Trade Commission (FTC) make clear that cybersecurity is no longer a niche topic, but a concern significant enough to warrant the oversight of corporate boards of directors. Creating an enterprise-wide governance structure.

Cybersecurity

Cybersecurity Risk Passwords Authentication

SHARED INTEL: Akamai reports web attack traffic spiked 62 percent in 2020 — all sectors hit hard

The Last Watchdog

MAY 24, 2021

Related: DHS launches 60-day cybersecurity sprints. billion hitting financial services organizations — an increase of more than 45 percent year-over-year in that sector. billion web app attacks last year, with more than 736 million targeting financial services. A: You’re right. It is astronomical.

Financial Services

Financial Services Passwords Data breaches Authentication

Comments Sought on Proposed Rulemaking: Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers

Data Matters

DECEMBER 23, 2020

Generally, if finalized, the NPR would require banking organizations and bank service providers (each, as defined further below) to provide accelerated notices of certain cybersecurity and related events. The agencies did not appear to rely on industry cybersecurity threat reports in determining this number.

Security

Security Cybersecurity Insurance Communications

Congress Agrees – 72 Hour Cyber Incident Reporting Requirement to Take Effect

Data Protection Report

MARCH 16, 2022

The Act will require a “covered entity” to report any “substantial cyber incident” to the Cybersecurity and Infrastructure Security Agency (“CISA”) within 72 hours after the covered entity reasonably believes the incident has occurred. Reporting Requirements. CISA will then coordinate further sharing of the report.

Ransomware

Ransomware FOIA Agriculture Cybersecurity

CPRA Becomes the New Standard. Are You Ready?

Thales Cloud Protection & Licensing

NOVEMBER 30, 2020

It amends the California Consumer Privacy Act (CCPA) and goes into effect January 1, 2023, for all data collected starting January 1, 2022 1. The National Law Review notes “Under the CPRA, certain new rights and compliance burdens will attach to a new category of personal information called ‘sensitive personal information.’”

Privacy

Privacy GDPR Compliance Data breaches

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. Investors recognize the potential too, as funding for cybersecurity ventures more than doubled from previous years to almost $22 billion in 2021. Series B SECURITI.ai

Cybersecurity

Cybersecurity Cloud Compliance Analytics

Best Network Security Tools 2021

eSecurity Planet

MAY 27, 2021

Maintaining the integrity of networks and data is a critical consideration for every organization. Since then, the McAfee MVISION Cloud solution offers agentless data loss prevention (DLP) to large enterprises. Trend Micro is also a global leader in cybersecurity. Cloud access security broker (CASB): McAfee. billion in May 2021.

Security

Security Cloud Analytics Access

Information Management Today

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Security Compliance & Data Privacy Regulations

Webinars

Trending Sources

New York Enacts Stricter Data Cybersecurity Laws

Webinars

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Privacy Officers’ New Year’s Resolutions

Cybersecurity: Managing Risks With Third Party Companies

The Privacy Officers’ New Year’s Resolutions

Top 12 Cloud Security Best Practices for 2021

Summary – “Industry in One: Financial Services”

New York’s Breach Law Amendments and New Security Requirements

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

An Approach to Cybersecurity Risk Oversight for Corporate Directors

SHARED INTEL: Akamai reports web attack traffic spiked 62 percent in 2020 — all sectors hit hard

Comments Sought on Proposed Rulemaking: Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers

Congress Agrees – 72 Hour Cyber Incident Reporting Requirement to Take Effect

CPRA Becomes the New Standard. Are You Ready?

Top Cybersecurity Startups to Watch in 2022

Best Network Security Tools 2021

Stay Connected