GDPR: Data Privacy Laws in Financial Services

Perficient Data & Analytics

My previous blog post addresses the reasons for the regulation and the requirements associated with the New York State Department of Financial Services (NYDFS) 23 NYCRR 500. Data protection must be designed into the development of business processes for products and services. An example is encryption, which renders the original data unintelligible and the process cannot be reversed without the correct decryption key.

NYDFS 500 and GDPR in Financial Services – Actions to Take Now

Perficient Data & Analytics

The first step any financial institution must take in its response to the laws is to evaluate its exposure and current capabilities in protecting sensitive business and customer data. Implement: Technical services are required to create/update cybersecurity policies and procedures.

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Alternative controls can be put in place if encryption is infeasible.

Kali Project Encryption and Isolation Using Vagrant and BitLocker

Perficient Data & Analytics

Create a BitLocker-protected virtual drive to provide “encryption at rest” data protection for your project files and data portability for archival purposes. Provision a clean Kali Linux virtual machine, configured with an encrypted virtual storage device that provides “encryption at rest” for the virtual machine itself. A configured and Vagrant-managed Kali virtual machine where the associated virtual storage device has been encrypted by VirtualBox.

NYDFS 500: Why the Regulation?

Perficient Data & Analytics

Previously, I discussed data privacy laws, specifically involving New York State Department of Financial Services (NYDFS) 23 NYCRR 500. Audit Trail: Securely maintain systems that (1) are designed to reconstruct material financial transactions sufficient to support normal operations and obligations of the covered entity; and (2) include audit trails designed to detect and respond to harmful cybersecurity events.

Slack Launched Encryption Key Addon For Businesses

Security Affairs

Slack announced today the launch of encryption keys that will help businesses protect their data. What is the purpose of Enterprise Key Management if Slack really encrypts the data? Slack currently encrypts your data in transit and at rest.

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act). Accordingly, companies outside of the financial and healthcare industries should pay particular attention to the new data security obligations in the Act.

Emergence of Blockchain in Finance Requires Secure, Streamlined Data Management

InfoGoTo

Blockchain in finance is advancing as financial services providers and regulators look into the different ways cryptocurrencies will impact payments, value exchange and other elements of the financial landscape. Some financial institutions see value in adding cryptocurrencies to their existing line of products and services.

DataStax Advanced Security : Eat your vegetables first

Perficient Data & Analytics

Sarbanes Oxley, Basel II, the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS) expose regulated industries to substantial reputational and financial risk. Cassandra’s TLS/SSL encryption is available between both the client and the database cluster as well as intra-node to provide for encryption for data in-flight.

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

For example, the New York Department of Financial Services (‘NYDFS’) in March 2017 issued its Cybersecurity Regulation (23 NYCRR 500) (‘the NYDFS Cybersecurity Regulation’), a groundbreaking and far-reaching regulatory regime focused on financial institutions licensed in New York, including insurance companies.

NYDFS Cybersecurity Regulations: A glimpse into the future

Thales eSecurity

The cybersecurity regulation (23 NYCRR 500) adopted by the New York State Department of Financial Services (NYDFS) is nearly two years old. Even though these regulations only apply to New York, financial institutions across the U.S.

Ransomware at IT Services Provider Synoptek

Krebs on Security

Synoptek, a California business that provides cloud hosting and IT management services to more than a thousand customers nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources.

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. Most of the victims are financial banking applications across the United States and Europe, including Italy, the UK, Spain, Switzerland, France, and Germany.

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

The Last Watchdog

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). This makes any personal information and details of financial transactions typed on HTTP web pages easy pickings. It’s true that most financial services and big-name shopping websites have long ago moved to HTTPS.

Blockchain, Cybersecurity and Global Finance

Hunton Privacy

In the near future, blockchain may become the new architecture of a reinvented global financial services infrastructure. The technology – a distributed, consensus-driven ledger that enables and records encrypted digital asset transfers without the need of a confirming third party – is revolutionary to global financial services, whose core functions include the trusted intermediary role (e.g., payment processor, broker, dealer, custodian).

Marriott Breach: More than 500 Million Guest Affected

Adam Levin

“The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it,” Marriott disclosed in a statement.

NEW TECH: How ‘cryptographic splitting’ bakes-in security at a ‘protect-the-data-itself’ level

The Last Watchdog

Tech consultancy IDC recently estimated that global spending on security-related hardware, software and services is growing at a compound annual growth rate of 9.2% Cryptographic splitting has to do with encrypting data, splitting this encrypted data into smaller, random chunks, and then distributing those smaller chunks to several storage locations. At each storage location, yet another layer of encryption is added. And we keep the data encrypted all time.

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

Encryption of Non-public Information (Section 500.15).

Tokenization: Ready for Prime Time

Thales eSecurity

For example, using a customer’s data to purchase goods from a merchant is different from using a customer’s data to identify a customer in a loyalty program or to provide health care services. Financial Services. Encryption and Tokenization.

Global Shipping and mailing services firm Pitney Bowes hit by ransomware attack

Security Affairs

The global shipping and mailing services company Pitney Bowes suffered a partial outage of its service caused by a ransomware attack. The Pitney Bowes company announced that a ransomware attack infected its systems and caused a partial system outage that made some of its services unavailable for some customers. Pitney Bowes is a global technology company that provides commerce solutions in the areas of ecommerce, shipping, mailing, data and financial services.

Maze ransomware gang discloses data from drug testing firm HMR

Security Affairs

The attack took place on March 14th, 2020, when the Maze Ransomware operators exfiltrated data from the HMR’s network and then encrypted their systems. “Consider contacting CIFAS (the UK’s Fraud Prevention Service) to apply for protective registration.

Turning Aspiration into Action to Protect Financial Institutions

Thales eSecurity

While this event is still considered one of the most grandiose thefts, financial institutions today collectively face digital attacks that easily rival it. The report also found that financial institutions are rapidly implementing complex hybrid and multi-cloud environments.

FTC Proposes Changes to GLB Privacy and Safeguards Rules

Hunton Privacy

The proposed amendments to the Safeguards Rule, which went into effect in 2003 and imposes data security obligations on financial institutions over which the Commission has jurisdiction, are based primarily on the cybersecurity regulations issued by the New York Department of Financial Services and the insurance data security model law issued by the National Association of Insurance Commissioners.

Air Canada data breach – 20,000 users of its mobile app affected

Security Affairs

22-24, 2018, it added that financial data was protected but invited to remain vigilant for fraudulent credit card transactions. Credit cards that are saved to your profile are encrypted and stored in compliance with security standards set by the payment card industry or PCI standards.

Q&A: Sophos poll shows how attackers are taking advantage of cloud migration to wreak havoc

The Last Watchdog

But there’s no doubt that the exodus to a much greater dependency on hybrid cloud and multi-cloud resources – Infrastructure-as-a-Service (IaaS) and Platforms-as-a-Service (PaaS) – is in full swing. New cloud PaaS services, such as shared storage, containers, database services and serverless functions etc. typically cannot have a security agent running on them, so it’s left up to the organization to securely configure these services.

A New Era for Data Protection

Thales eSecurity

The combination of our two companies creates the worldwide leader in digital security, protecting more data, transactions and identities than any other company and enabling tens of thousands of organizations to deliver trusted digital services to billions of individuals around the world. Global leadership in data encryption and key management. Global leadership in encryption for high-speed networks. It’s been an exciting week for everyone at Thales and Gemalto.

NYDFS Files First Cybersecurity Enforcement Action

Hunton Privacy

On Wednesday, July 22, the New York Department of Financial Services (the “NYDFS”) announced that it had filed administrative charges against First American Title Insurance Co. NYCRR 500.15: The requirement to implement controls, including encryption, to protect NPI held or transmitted by the covered entity both in transit over external networks and at rest.

New Trickbot module implements Remote App Credential-Grabbing features

Security Affairs

The new variant is being spread via spam emails that pose as tax-incentive notifications purporting to be from the financial services company Deloitte. Trickbot also uses the encryption for the strings implemented via simple variants of XOR or SUB routines and also borrowed from the Carberp trojan source code the use of API hashes for indirect API calling.

Federal Agency Data is Under Siege

Thales eSecurity

Its unique capabilities include the design and deployment of equipment, systems and services to meet complex security requirements. federal respondents used more than five Infrastructure-as-a-Service (IaaS) vendors.

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

The two-year transitional period under the New York State Department of Financial Services (“DFS”) Cybersecurity Regulation, 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Third-party service provider risk management program. However, covered entities will not be required to certify their compliance with the Regulation’s third-party service provider risk management provisions until February 15, 2020.

Whatever the future of payments, you can trust in a lack of trust

Thales eSecurity

The concept of payment, at its most fundamental, is simply about people agreeing to exchange goods or services. However, no matter how innovative these services are when it comes to the social relationships or the legal arrangements on which they depend, their ultimate success still comes down to trust – or rather, the lack of it. For this to happen requires some form of encryption to underpin it, with strong key management and signatures to ensure integrity and non-repudiation.

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

IT Governance

Department of Health Services email hacked exposing patient data (14,591). Hackers breach SyTech, a contractor for Russia’s national intelligence service (unknown). Maitland, FL, dentist says five months of patient records encrypted by ransomware (unknown). DNA testing service Vitagene left customer records online for years (3,000). Unprotected server at Brazilian financial services provider exposes customer data (unknown). Financial information.

It’s time to think twice about retail loyalty programs

Thales eSecurity

We had some results this year from the 100+ US retail IT security professionals that were surveyed for the 2018 Thales Data Threat Report that differed from every other segment we polled (healthcare, federal government, financial services). When the Target and Home Depot breaches happened there was a sizeable hit for several quarters if I recall the financial results – perhaps that’s no longer the case.

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

defense contractors and financial services firms worldwide. Security experts observed the LuckyMouse APT group using a digitally signed 32- and 64-bit network filtering driver NDISProxy in recent attacks.

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

ARMA International

The Consumer Financial Protection Bureau (CFPB) will get $100 million of that in civil penalties with another $175 million going to states and territories. Checking whether your data was affected and what compensation and services you may be entitled to is fairly easy (to find out, visit www.equifaxbreachsettlement.com), but actually getting reimbursed may be tougher. On July 22, 2019, the Federal Trade Commission (FTC) announced that it had reached a proposed settlement.

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

Last week, the Federal Trade Commission (“FTC”) got into the act as well, releasing two notices of proposed rulemaking (“NPRM”) on potential changes to its Standards for Safeguarding Customer Information (“Safeguards Rule”) and Privacy of Consumer Financial Information Rule (“Privacy Rule”) under the Gramm-Leach-Bliley Act.

How Blockchain and Bitcoin Tech Will Fuel the Industrial IoT

Perficient Data & Analytics

In a recent interview with CNBC, Steve Chiavarone, VP at financial services firm Federated Investors said, “When you think about it from an enterprise perspective, blockchain has the ability to replace reconciliation, which is expensive and requires back office, and time, and paperwork — with more instantaneous verification.”

US: Coronavirus – Cybersecurity considerations for your newly remote workforce

DLA Piper Privacy Matters

Where feasible, consider using encryption and secure file transfer platforms for the transmission of sensitive data. Some newer laws, such as the New York Department of Financial Services Cybersecurity Regulation, require MFA under certain circumstances.