GDPR: Data Privacy Laws in Financial Services

Perficient Data & Analytics

My previous blog post addresses the reasons for the regulation and the requirements associated with the New York State Department of Financial Services (NYDFS) 23 NYCRR 500. Data protection must be designed into the development of business processes for products and services. An example is encryption, which renders the original data unintelligible; the process cannot be reversed without the correct decryption key.

NYDFS 500 and GDPR in Financial Services – Actions to Take Now

Perficient Data & Analytics

The first step any financial institution must take in its response to the laws is to evaluate its exposure and current capabilities in protecting sensitive business and customer data. Implement: technical services are required to create or update cybersecurity policies and procedures. For more information on NYDFS 500 and GDPR laws and regulations on the financial services industry, please download our guide here.

Financial Services Organizations Need to Adapt their Security Practices to the Shifting Environment

Thales Cloud Protection & Licensing

Even “traditional banks” seek to drive more revenue from digital products, personalized services and experiences. Encryption and tokenization rates remain low.

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Alternative controls can be put in place if encryption is infeasible.

Kali Project Encryption and Isolation Using Vagrant and BitLocker

Perficient Data & Analytics

Create a BitLocker-protected virtual drive to provide “encryption at rest” data protection for your project files and data portability for archival purposes. Provision a clean Kali Linux virtual machine, configured with an encrypted virtual storage device that provides “encryption at rest” for the virtual machine itself. The result is a configured, Vagrant-managed Kali virtual machine whose associated virtual storage device has been encrypted by VirtualBox.

Slack Launched Encryption Key Addon For Businesses

Security Affairs

Slack announced today the launch of encryption keys that will help businesses protect their data. What is the purpose of Enterprise Key Management if Slack really encrypts the data? Slack currently encrypts your data in transit and at rest.

Protecting Sensitive Data with Luna Key Broker for Microsoft Double Key Encryption

Thales Cloud Protection & Licensing

Thales has integrated its Luna HSMs with DKE for Microsoft 365, which work together to enable organizations to protect their most sensitive data while maintaining full control of their encryption keys.

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

It applies to any “Covered Entity,” which is defined broadly to include “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law.”

What You Need to Know About Storing Financial Data in the Cloud

InfoGoTo

In light of recent malware attacks that affected financial services customers’ data stored in the cloud, organizations should take a hard look at how they’re securing their financial information. Therefore, financial services firms and other organizations must continually examine and strengthen their security precautions to thwart as many of these threats as possible.

Emergence of Blockchain in Finance Requires Secure, Streamlined Data Management

InfoGoTo

Blockchain in finance is advancing as financial services providers and regulators look into the different ways cryptocurrencies will impact payments, value exchange and other elements of the financial landscape. Some financial institutions see value in adding cryptocurrencies to their existing line of products and services.

DataStax Advanced Security: Eat your vegetables first

Perficient Data & Analytics

Sarbanes-Oxley, Basel II, the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS) expose regulated industries to substantial reputational and financial risk. Cassandra’s TLS/SSL encryption is available both between the client and the database cluster and intra-node, providing encryption for data in flight.

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

For example, the New York Department of Financial Services (‘NYDFS’) in March 2017 issued its Cybersecurity Regulation (23 NYCRR 500) (‘the NYDFS Cybersecurity Regulation’), a groundbreaking and far-reaching regulatory regime focused on financial institutions licensed in New York, including insurance companies.

BlackCocaine Ransomware, a new malware in the threat landscape

Security Affairs

Recently, researchers at Cyble investigated an attack suffered on May 30, 2021, by Nucleus Software, an India-based IT company in the Banking and Financial Services sector. Nucleus Software declared that it does not store customers’ financial data.

EventBot, a new Android mobile malware, targets financial institutions across Europe

Security Affairs

Security experts from the Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks and financial services across Europe.

Morgan Stanley discloses data breach after the hack of a third-party vendor

Security Affairs

The American multinational investment bank and financial services firm Morgan Stanley disclosed a data breach caused by the hack of an Accellion FTA server at a third-party vendor.

Ransomware at IT Services Provider Synoptek

Krebs on Security

Synoptek, a California business that provides cloud hosting and IT management services to more than a thousand customers nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources.

Firmware attacks, a grey area in cybersecurity of organizations

Security Affairs

Firmware is becoming a privileged target of threat actors because it usually holds sensitive information like credentials and encryption keys. A new report published by Microsoft revealed that 80% of global enterprises were victims of a firmware-focused cyberattack.

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

The Last Watchdog

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). This makes any personal information and details of financial transactions typed on HTTP web pages easy pickings. It’s true that most financial services and big-name shopping websites have long ago moved to HTTPS.

Blockchain, Cybersecurity and Global Finance

Hunton Privacy

In the near future, blockchain may become the new architecture of a reinvented global financial services infrastructure. The technology – a distributed, consensus-driven ledger that enables and records encrypted digital asset transfers without the need of a confirming third party – is revolutionary to global financial services, whose core functions include the trusted intermediary role (e.g., payment processor, broker, dealer, custodian).

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

million unique email addresses, NordLocker found, for an array of different apps and services. These included logins for social media, online games, online marketplaces, job-search sites, consumer electronics, financial services, email services, and more.

NEW TECH: How ‘cryptographic splitting’ bakes-in security at a ‘protect-the-data-itself’ level

The Last Watchdog

Tech consultancy IDC recently estimated that global spending on security-related hardware, software and services is growing at a compound annual growth rate of 9.2%. Cryptographic splitting has to do with encrypting data, splitting this encrypted data into smaller, random chunks, and then distributing those smaller chunks to several storage locations. At each storage location, yet another layer of encryption is added. And we keep the data encrypted all the time.

Marriott Breach: More than 500 Million Guests Affected

Adam Levin

“The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it,” Marriott disclosed in a statement. There is no clarity on credit cards, with the company at this time still unable to determine if the hackers were able to decrypt card numbers, but it is known that 327 million guests were exposed.

NYDFS Cybersecurity Regulations: A glimpse into the future

Thales Cloud Protection & Licensing

The cybersecurity regulation (23 NYCRR 500) adopted by the New York State Department of Financial Services (NYDFS) is nearly two years old. Leading up to that date, companies have had to meet several milestones, including hiring a CISO, encrypting all their non-public consumer data and enabling multi-factor authentication. Even though these regulations only apply to New York, financial institutions across the U.S.

Experts linked ransomware attacks to China-linked APT27

Security Affairs

defense contractors, financial services firms, and a national data center in Central Asia. The hackers used the Windows drive encryption tool BitLocker to lock the servers. While APT27 focuses on cyberespionage, Winnti is known for its financial motivation.

Global shipping and mailing services firm Pitney Bowes hit by ransomware attack

Security Affairs

The global shipping and mailing services company Pitney Bowes suffered a partial outage of its services caused by a ransomware attack. The company announced that a ransomware attack infected its systems and caused a partial system outage that made some of its services unavailable for some customers. Pitney Bowes is a global technology company that provides commerce solutions in the areas of ecommerce, shipping, mailing, data and financial services.

The Future of Payments Security

Thales Cloud Protection & Licensing

The Verizon DBIR 2020 report indicates that financially motivated attacks against retailers have moved away from Point of Sale (POS) devices and controllers, towards web applications. Criminals use personal and financial data to impersonate customers and add apparent authenticity to a scam.

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

The New York State Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) came into effect March 1, 2017 (see our previous publications: “New York Department of Financial Services Cybersecurity rules revised and delayed,” “The ‘Final Final’ Is Here: NYDFS Cybersecurity Regulations,” and “A guide to NYDFS Cybersecurity Regulation’s March 1 implementation deadline”). Encryption of Non-public Information (Section 500.15).

Maze ransomware gang discloses data from drug testing firm HMR

Security Affairs

The attack took place on March 14th, 2020, when the Maze ransomware operators exfiltrated data from HMR’s network and then encrypted its systems. “Consider contacting CIFAS (the UK’s Fraud Prevention Service) to apply for protective registration.

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

DLA Piper Privacy Matters

Important new guidelines outlining how personal and other types of financial information should be handled by financial institutions throughout the data lifecycle have just come into force in China, including a new data localisation obligation. Level 3: personal financial information.

Healthcare Organizations Need to Adapt Their Data Protection Policies to the New Threat Environment

Thales Cloud Protection & Licensing

The COVID-19 pandemic social distancing requirements, forcing healthcare providers to adopt telematic services to a greater degree to offer their patients the same level of treatment remotely, will be a great driver for further digitalization of the healthcare sector.

FTC Proposes Changes to GLB Privacy and Safeguards Rules

Hunton Privacy

The proposed amendments to the Safeguards Rule, which went into effect in 2003 and imposes data security obligations on financial institutions over which the Commission has jurisdiction, are based primarily on the cybersecurity regulations issued by the New York Department of Financial Services and the insurance data security model law issued by the National Association of Insurance Commissioners.

Billions of FBS Records Exposed in Online Trading Broker Data Leak

Security Affairs

comprised millions of confidential records including names, passwords, email addresses, passport numbers, national IDs, credit cards, financial transactions and more. Despite containing very sensitive financial data, the server was left open without any password protection or encryption.

Air Canada data breach – 20,000 users of its mobile app affected

Security Affairs

22-24, 2018, it added that financial data was protected but invited users to remain vigilant for fraudulent credit card transactions. Credit cards that are saved to your profile are encrypted and stored in compliance with security standards set by the payment card industry (PCI standards). Air Canada data breach – the incident was confirmed by the company and may have affected 20,000 customers (1%) of its 1.7 million mobile app users.

New Trickbot module implements Remote App Credential-Grabbing features

Security Affairs

The new variant is being spread via spam emails posing as a tax-incentive notification purporting to be from the financial services company Deloitte. Trickbot also uses encryption for its strings, implemented via simple variants of XOR or SUB routines, and borrowed from the Carberp trojan source code the use of API hashes for indirect API calling.

The Microsoft Exchange Attack Saga Continues

eSecurity Planet

approach in that the attackers copy and exfiltrate a company’s data just prior to encrypting it. A disturbing 23% of all attacks have been levied on Government and Military organizations, followed by Manufacturing (15%) and Financial Services (14%).

Q&A: Sophos poll shows how attackers are taking advantage of cloud migration to wreak havoc

The Last Watchdog

But there’s no doubt that the exodus to a much greater dependency on hybrid cloud and multi-cloud resources – Infrastructure-as-a-Service (IaaS) and Platforms-as-a-Service (PaaS) – is in full swing. New cloud PaaS services, such as shared storage, containers, database services and serverless functions, typically cannot have a security agent running on them, so it’s left up to the organization to securely configure these services.

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Data Matters

The Cybersecurity Guidance is set forth in three parts: Tips for Hiring a Service Provider, directed toward plan sponsors and fiduciaries; Cybersecurity Program Best Practices (Best Practices), directed at recordkeepers and other service providers responsible for plan-related IT systems and data as well as plan fiduciaries evaluating service providers’ cybersecurity programs; and Obligations of Service Providers Responsible for Plan-Related IT Systems and Data.

Tokenization: Ready for Prime Time

Thales Cloud Protection & Licensing

For example, using a customer’s data to purchase goods from a merchant is different from using a customer’s data to identify a customer in a loyalty program or to provide health care services. And these identifiers are also used to access information for billing, order status, and customer service. Encryption has been the preferred way to protect sensitive data, and it’s still valid for the majority of use cases.