GDPR: Data Privacy Laws in Financial Services

Perficient Data & Analytics

My previous blog post addresses the reasons for the regulation and the requirements associated with the New York State Department of Financial Services (NYDFS) 23 NYCRR 500. Data protection must be designed into the development of business processes for products and services. An example is encryption, which renders the original data unintelligible and the process cannot be reversed without the correct decryption key.

NYDFS 500 and GDPR in Financial Services – Actions to Take Now

Perficient Data & Analytics

The first step any financial institution must take in its response to the laws is to evaluate its exposure and current capabilities in protecting sensitive business and customer data. Implement: Technical services are required to create/update cybersecurity policies and procedures. For more information on NYDFS 500 and GDPR laws and regulations on the financial services industry, please download our guide here, or click below.

Financial Services Organizations Need to Adapt their Security Practices to the Shifting Environment

Thales Cloud Protection & Licensing

Financial Services Organizations Need to Adapt their Security Practices to the Shifting Environment. Even “traditional banks” seek to drive more revenue from digital products, personalized services and experiences. Encryption and tokenization rates remain low.

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Alternative controls can be put in place if encryption is infeasible.

Kali Project Encryption and Isolation Using Vagrant and BitLocker

Perficient Data & Analytics

Create a BitLocker-protected virtual drive to provide “encryption at rest” data protection for your project files and data portability for archival purposes. Provision a clean Kali Linux virtual machine, configured with an encrypted virtual storage device that provides “encryption at rest” for the virtual machine itself. A configured and Vagrant-managed Kali virtual machine where the associated virtual storage device has been encrypted by Virtualbox.

Slack Launched Encryption Key Addon For Businesses

Security Affairs

Slack announced today to launch encryption keys that will help businesses to protect their data. What is the purpose of Enterprise Key Management if Slack really encrypts the data? Slack currently encrypts your data in transit and at rest.

Protecting Sensitive Data with Luna Key Broker for Microsoft Double Key Encryption

Thales Cloud Protection & Licensing

Protecting Sensitive Data with Luna Key Broker for Microsoft Double Key Encryption. Thales has integrated its Luna HSMs with DKE for Microsoft 365, which work together to enable organizations to protect their most sensitive data while maintaining full control of their encryption keys.

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

It applies to any “Covered Entity,” which is defined broadly to include “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law.”

What You Need to Know About Storing Financial Data in the Cloud

InfoGoTo

In light of recent malware attacks that affected financial services customers’ data stored in the cloud, organizations should take a hard look at how they’re securing their financial information. Therefore, financial services firms and other organizations must continually examine and strengthen their security precautions to thwart as many of these threats as possible.

Emergence of Blockchain in Finance Requires Secure, Streamlined Data Management

InfoGoTo

Blockchain in finance is advancing as financial services providers and regulators look into the different ways cryptocurrencies will impact payments, value exchange and other elements of the financial landscape. Some financial institutions see value in adding cryptocurrencies to their existing line of products and services.

DataStax Advanced Security: Eat your vegetables first

Perficient Data & Analytics

Sarbanes-Oxley, Basel II, the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS) expose regulated industries to substantial reputational and financial risk. Cassandra’s TLS/SSL encryption is available both between the client and the database cluster and intra-node, providing encryption for data in flight.

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

For example, the New York Department of Financial Services (‘NYDFS’) in March 2017 issued its Cybersecurity Regulation (23 NYCRR 500) (‘the NYDFS Cybersecurity Regulation’), a groundbreaking and far-reaching regulatory regime focused on financial institutions licensed in New York, including insurance companies.

Firmware attacks, a grey area in cybersecurity of organizations

Security Affairs

Firmware is becoming a privileged target of threat actors because it usually holds sensitive information like credentials and encryption keys. A new report published by Microsoft revealed that 80% of global enterprises were victims of a firmware-focused cyberattack.

EventBot, a new Android mobile malware, targets financial institutions across Europe

Security Affairs

Security experts from the Cybereason Nocturnus team discovered a new piece of Android malware, dubbed EventBot, that targets banks and financial services across Europe.

Ransomware at IT Services Provider Synoptek

Krebs on Security

Synoptek, a California business that provides cloud hosting and IT management services to more than a thousand customers nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources.

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

The Last Watchdog

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). This makes any personal information and details of financial transactions typed on HTTP web pages easy pickings. It’s true that most financial services and big-name shopping websites have long ago moved to HTTPS.

Blockchain, Cybersecurity and Global Finance

Hunton Privacy

In the near future, blockchain may become the new architecture of a reinvented global financial services infrastructure. The technology – a distributed, consensus-driven ledger that enables and records encrypted digital asset transfers without the need of a confirming third party – is revolutionary to global financial services, whose core functions include the trusted intermediary role (e.g., payment processor, broker, dealer, custodian).

NEW TECH: How ‘cryptographic splitting’ bakes-in security at a ‘protect-the-data-itself’ level

The Last Watchdog

Tech consultancy IDC recently estimated that global spending on security-related hardware, software and services is growing at a compound annual growth rate of 9.2%. Cryptographic splitting has to do with encrypting data, splitting this encrypted data into smaller, random chunks, and then distributing those smaller chunks to several storage locations. At each storage location, yet another layer of encryption is added. And we keep the data encrypted at all times.

Marriott Breach: More than 500 Million Guests Affected

Adam Levin

“The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it,” Marriott disclosed in a statement. There is no clarity on credit cards, with the company at this time still unable to determine if the hackers were able to de-encrypt card numbers, but it is known that 327 million guests were exposed.

Experts linked ransomware attacks to China-linked APT27

Security Affairs

defense contractors, financial services firms, and a national data center in Central Asia. The hackers used the Windows drive encryption tool BitLocker to lock the servers. If APT27 focuses on cyberespionage, Winnti is known for its financial motivation.

NYDFS Cybersecurity Regulations: A glimpse into the future

Thales Cloud Protection & Licensing

The cybersecurity regulation (23 NYCRR 500) adopted by the New York State Department of Financial Services (NYDFS) is nearly two years old. Leading up to that date, companies have had to meet several milestones including hiring a CISO, encrypting all its non-public consumer data and enabling multi-factor authentication. Even though these regulations only apply to New York, financial institutions across the U.S.

The Future of Payments Security

Thales Cloud Protection & Licensing

The Verizon DBIR 2020 report indicates that financially motivated attacks against retailers have moved away from Point of Sale (POS) devices and controllers, towards web applications. Criminals use personal and financial data to impersonate customers and add apparent authenticity to a scam.

Global Shipping and mailing services firm Pitney Bowes hit by ransomware attack

Security Affairs

The global shipping and mailing services company Pitney Bowes suffered a partial outage of its service caused by a ransomware attack. The Pitney Bowes company announced that a ransomware attack infected its systems and caused a partial system outage that made some of its services unavailable for some customers. Pitney Bowes is a global technology company that provides commerce solutions in the areas of ecommerce, shipping, mailing, data and financial services.

Billions of FBS Records Exposed in Online Trading Broker Data Leak

Security Affairs

comprised millions of confidential records including names, passwords, email addresses, passport numbers, national IDs, credit cards, financial transactions and more. Despite containing very sensitive financial data, the server was left open without any password protection or encryption.

Healthcare Organizations Need to Adapt Their Data Protection Policies to the New Threat Environment

Thales Cloud Protection & Licensing

The COVID-19 pandemic social distancing requirements, forcing healthcare providers to adopt telematic services to a greater degree to offer their patients the same level of treatment remotely, will be a great driver for further digitalization of the healthcare sector.

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

The New York State Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) came into effect March 1, 2017 (see our previous publications: “New York Department of Financial Services Cybersecurity rules revised and delayed,” “The ‘Final Final’ Is Here: NYDFS Cybersecurity Regulations,” and “A guide to NYDFS Cybersecurity Regulation’s March 1 implementation deadline”). Encryption of Non-public Information (Section 500.15).

The Microsoft Exchange Attack Saga Continues

eSecurity Planet

approach in that the attackers copy and exfiltrate a company’s data just prior to encrypting it. A disturbing 23% of all attacks have been levied on Government and Military organizations, followed by Manufacturing (15%) and Financial Services (14%).

Maze ransomware gang discloses data from drug testing firm HMR

Security Affairs

The attack took place on March 14th, 2020, when the Maze ransomware operators exfiltrated data from HMR’s network and then encrypted its systems. “Consider contacting CIFAS (the UK’s Fraud Prevention Service) to apply for protective registration.”

FTC Proposes Changes to GLB Privacy and Safeguards Rules

Hunton Privacy

The proposed amendments to the Safeguards Rule, which went into effect in 2003 and imposes data security obligations on financial institutions over which the Commission has jurisdiction, are based primarily on the cybersecurity regulations issued by the New York Department of Financial Services and the insurance data security model law issued by the National Association of Insurance Commissioners.

Air Canada data breach – 20,000 users of its mobile app affected

Security Affairs

22-24, 2018, it added that financial data was protected but invited to remain vigilant for fraudulent credit card transactions. Credit cards that are saved to your profile are encrypted and stored in compliance with security standards set by the payment card industry or PCI standards. Air Canada data breach – The incident was confirmed by the company and may have affected 20,000 customers (1%) of its 1.7 million mobile app users.

Ransomware Protection in 2021

eSecurity Planet

All of your files are encrypted with RSA-2048 and AES-128 ciphers.” Or you might see a readme.txt stating, “Your files have been replaced by these encrypted containers and aren’t accessible; you will lose your files on [enter date] unless you pay $2500 in Bitcoin.”

New Trickbot module implements Remote App Credential-Grabbing features

Security Affairs

The new variant is being spread via spam emails that pose as tax-incentive notifications purporting to be from the financial services company Deloitte. Trickbot also uses encryption for its strings, implemented via simple variants of XOR or SUB routines, and also borrowed from the Carberp trojan source code the use of API hashes for indirect API calling.

Q&A: Sophos poll shows how attackers are taking advantage of cloud migration to wreak havoc

The Last Watchdog

But there’s no doubt that the exodus to a much greater dependency on hybrid cloud and multi-cloud resources – Infrastructure-as-a-Service (IaaS) and Platforms-as-a-Service (PaaS) – is in full swing. New cloud PaaS services, such as shared storage, containers, database services and serverless functions, typically cannot have a security agent running on them, so it’s left up to the organization to securely configure these services.

Tokenization: Ready for Prime Time

Thales Cloud Protection & Licensing

For example, using a customer’s data to purchase goods from a merchant is different from using a customer’s data to identify a customer in a loyalty program or to provide health care services. And these identifiers are also used to access information for billing, order status, and customer service. Encryption and Tokenization. Encryption has been the preferred way to protect sensitive data, and it’s still valid for the majority of use cases.

Turning Aspiration into Action to Protect Financial Institutions

Thales Cloud Protection & Licensing

While this event is still considered one of the most grandiose thefts, financial institutions today collectively face digital attacks that easily rival it. The report also found that financial institutions are rapidly implementing complex hybrid and multi-cloud environments.

How ATB Financial drives agile data ops with Collibra and GCP

Collibra

ATB Financial provides a diversified set of financial services to more than 770,000 residents of Alberta, Canada. Like most financial organizations, ATB’s technology architecture included a wide variety of disparate systems that were difficult to navigate.

50 Ways to Avoid Getting Scammed on Black Friday

Adam Levin

Virtual credit cards similarly allow online shoppers to mask their financial accounts. Many financial institutions offer free transaction alerts that notify you when charges hit your account. SSLs ensure all data is encrypted. Shred financial documents.

NYDFS Files First Cybersecurity Enforcement Action

Hunton Privacy

On Wednesday, July 22, the New York Department of Financial Services (the “NYDFS”) announced that it had filed administrative charges against First American Title Insurance Co. NYCRR 500.15: The requirement to implement controls, including encryption, to protect NPI held or transmitted by the covered entity both in transit over external networks and at rest.