GDPR: Data Privacy Laws in Financial Services

Perficient Data & Analytics

My previous blog post addresses the reasons for the regulation and the requirements associated with the New York State Department of Financial Services (NYDFS) 23 NYCRR 500. Data protection must be designed into the development of business processes for products and services.

NYDFS 500 and GDPR in Financial Services – Actions to Take Now

Perficient Data & Analytics

The first step any financial institution must take in its response to the laws is to evaluate its exposure and current capabilities in protecting sensitive business and customer data. Implement: Technical services are required to create/update cybersecurity policies and procedures.

Kali Project Encryption and Isolation Using Vagrant and BitLocker

Perficient Data & Analytics

Create a BitLocker-protected virtual drive to provide “encryption at rest” data protection for your project files and data portability for archival purposes. Once the disk is mounted, the script invokes the BitLocker utility to encrypt the drive.

NYDFS 500: Why the Regulation?

Perficient Data & Analytics

Previously, I discussed data privacy laws, specifically involving New York State Department of Financial Services (NYDFS) 23 NYCRR 500.

Slack Launched Encryption Key Addon For Businesses

Security Affairs

Slack announced today the launch of encryption keys that will help businesses protect their data. What is the purpose of Enterprise Key Management if Slack really encrypts the data? Slack currently encrypts your data in transit and at rest.

What You Need to Know About Storing Financial Data in the Cloud

InfoGoTo

In light of recent malware attacks that affected financial services customers’ data stored in the cloud, organizations should take a hard look at how they’re securing their financial information.

Emergence of Blockchain in Finance Requires Secure, Streamlined Data Management

InfoGoTo

Blockchain in finance is advancing as financial services providers and regulators look into the different ways cryptocurrencies will impact payments, value exchange and other elements of the financial landscape.

DataStax Advanced Security : Eat your vegetables first

Perficient Data & Analytics

Sarbanes Oxley, Basel II, the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS) expose regulated industries to substantial reputational and financial risk. Cassandra’s TLS/SSL encryption is available both between the client and the database cluster and intra-node, providing encryption for data in flight.

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

For example, the New York Department of Financial Services (‘NYDFS’) in March 2017 issued its Cybersecurity Regulation (23 NYCRR 500) (‘the NYDFS Cybersecurity Regulation’), a groundbreaking and far-reaching regulatory regime focused on financial institutions licensed in New York, including insurance companies.

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

Security experts from the Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks and financial services across Europe.

Ransomware at IT Services Provider Synoptek

Krebs on Security

Synoptek, a California business that provides cloud hosting and IT management services to more than a thousand customers nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources.

NYDFS Cybersecurity Regulations: A glimpse into the future

Thales eSecurity

The cybersecurity regulation (23 NYCRR 500) adopted by the New York State Department of Financial Services (NYDFS) is nearly two years old. Even though these regulations only apply to New York, financial institutions across the U.S.

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

The Last Watchdog

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). This makes any personal information and details of financial transactions typed on HTTP web pages easy pickings. It’s true that most financial services and big-name shopping websites have long ago moved to HTTPS.

Blockchain, Cybersecurity and Global Finance

Hunton Privacy

In the near future, blockchain may become the new architecture of a reinvented global financial services infrastructure. The technology – a distributed, consensus-driven ledger that enables and records encrypted digital asset transfers without the need of a confirming third party – is revolutionary to global financial services, whose core functions include the trusted intermediary role (e.g., payment processor, broker, dealer, custodian).

NEW TECH: How ‘cryptographic splitting’ bakes-in security at a ‘protect-the-data-itself’ level

The Last Watchdog

Tech consultancy IDC recently estimated that global spending on security-related hardware, software and services is growing at a compound annual growth rate of 9.2% Cryptographic splitting has to do with encrypting data, splitting this encrypted data into smaller, random chunks, and then distributing those smaller chunks to several storage locations. At each storage location, yet another layer of encryption is added. And we keep the data encrypted all time.

Marriott Breach: More than 500 Million Guest Affected

Adam Levin

“The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it,” Marriott disclosed in a statement.

Global Shipping and mailing services firm Pitney Bowes hit by ransomware attack

Security Affairs

The global shipping and mailing services company Pitney Bowes suffered a partial outage of its service caused by a ransomware attack. Pitney Bowes is a global technology company that provides commerce solutions in the areas of ecommerce, shipping, mailing, data and financial services.

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

Encryption of Nonpublic Information (Section 500.15).

Maze ransomware gang discloses data from drug testing firm HMR

Security Affairs

The attack took place on March 14th, 2020, when the Maze Ransomware operators exfiltrated data from HMR’s network and then encrypted their systems. “Consider contacting CIFAS (the UK’s Fraud Prevention Service) to apply for protective registration.

Tokenization: Ready for Prime Time

Thales eSecurity

For example, using a customer’s data to purchase goods from a merchant is different from using a customer’s data to identify a customer in a loyalty program or to provide health care services. Financial Services. Encryption and Tokenization.

A New Era for Data Protection

Thales eSecurity

The combination of our two companies creates the worldwide leader in digital security, protecting more data, transactions and identities than any other company and enabling tens of thousands of organizations to deliver trusted digital services to billions of individuals around the world.

Turning Aspiration into Action to Protect Financial Institutions

Thales eSecurity

While this event is still considered one of the most grandiose thefts, financial institutions today collectively face digital attacks that easily rival it. The report also found that financial institutions are rapidly implementing complex hybrid and multi-cloud environments.

FTC Proposes Changes to GLB Privacy and Safeguards Rules

Hunton Privacy

The proposed amendments to the Safeguards Rule, which went into effect in 2003 and imposes data security obligations on financial institutions over which the Commission has jurisdiction, are based primarily on the cybersecurity regulations issued by the New York Department of Financial Services and the insurance data security model law issued by the National Association of Insurance Commissioners.

New Trickbot module implements Remote App Credential-Grabbing features

Security Affairs

The new variant is being spread via spam emails that pose as tax-incentive notification purporting to be from the financial services company Deloitte.

Air Canada data breach – 20,000 users of its mobile app affected

Security Affairs

22-24, 2018, it added that financial data was protected but invited to remain vigilant for fraudulent credit card transactions. Credit cards that are saved to your profile are encrypted and stored in compliance with security standards set by the payment card industry or PCI standards.

Whatever the future of payments, you can trust in a lack of trust

Thales eSecurity

The concept of payment, at its most fundamental, is simply about people agreeing to exchange goods or services. The stated aim of decentralisation in Bitcoin, for example, is to remove the middle man entirely, and instead end fraud and financial disputes through transparency.

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

IT Governance

Department of Health Services email hacked exposing patient data (14,591). Hackers breach SyTech, a contractor for Russia’s national intelligence service (unknown). Maitland, FL, dentist says five months of patient records encrypted by ransomware (unknown). Financial information.

It’s time to think twice about retail loyalty programs

Thales eSecurity

We had some results this year from the 100+ US retail IT security professionals that were surveyed for the 2018 Thales Data Threat Report that differed from every other segment we polled (healthcare, federal government, financial services).

Federal Agency Data is Under Siege

Thales eSecurity

Its unique capabilities include the design and deployment of equipment, systems and services to meet complex security requirements. federal respondents used more than five Infrastructure-as-a-Service (IaaS) vendors.

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

ARMA International

The Consumer Financial Protection Bureau (CFPB) will get $100 million of that in civil penalties with another $175 million going to states and territories. Though Capital One reports that it encrypts its data as a standard practice, the data was de-encrypted during the breach.

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

The two-year transitional period under the New York State Department of Financial Services (“DFS”) Cybersecurity Regulation, 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Third-party service provider risk management program. However, covered entities will not be required to certify their compliance with the Regulation’s third-party service provider risk management provisions until February 15, 2020.

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

defense contractors and financial services firms worldwide. Security experts observed the LuckyMouse APT group using a digitally signed 32- and 64-bit network filtering driver NDISProxy in recent attacks.

US: Surviving the service provider data breach

DLA Piper Privacy Matters

It’s your service provider’s breach, but it involves your (more likely, your customer’s) data. Service provider cyber incidents have exploded in volume, type, frequency, response time and cost. What’s the fallout from a service provider breach?

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

Last week, the Federal Trade Commission (“FTC”) got into the act as well, releasing two notices of proposed rulemaking (“NPRM”) on potential changes to its Standards for Safeguarding Customer Information (“Safeguards Rule”) and Privacy of Consumer Financial Information Rule (“Privacy Rule”) under the Gramm-Leach-Bliley Act.

US: Coronavirus – Cybersecurity considerations for your newly remote workforce

DLA Piper Privacy Matters

Where feasible, consider using encryption and secure file transfer platforms for the transmission of sensitive data. Some newer laws, such as the New York Department of Financial Services Cybersecurity Regulation, require MFA under certain circumstances.

How Blockchain and Bitcoin Tech Will Fuel the Industrial IoT

Perficient Data & Analytics

In a recent interview with CNBC, Steve Chiavarone, VP at financial services firm Federated Investors said, “When you think about it from an enterprise perspective, blockchain has the ability to replace reconciliation, which is expensive and requires back office, and time, and paperwork — with more instantaneous verification.”

Understanding Blockchain and its Impact on Legal Technology, Part Two

eDiscovery Daily

Areas such as financial services, technology, manufacturing, pharmaceutical, and energy industries all needed systems with these two factors. The audit trail itself is visible to all participants yet allows encryption of individual transactions.

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

Almost half of the broker-dealers (47%) reportedly participate in information sharing organizations such as the Financial Services Information Sharing and Analysis Center. Almost all the examined broker-dealers (98%) and advisers (91%) make use of encryption in some form.