Encryption, Financial Services, Insurance and Training

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. Since Carnival was licensed by the Department to sell insurance in NY State, it was treated as a covered entity under the Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Hunton Privacy

FEBRUARY 25, 2021

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. sought coverage for expenses under its property insurance policy.

Insurance

Insurance Cybersecurity Risk Education

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

are subject to laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), as well as regulations such as the Clinical Laboratory Improvements Amendments (CLIA). See the Best Cybersecurity Awareness Training for Employees.

Data Privacy

Data Privacy Compliance Privacy Security

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

Cyber criminals may damage, destroy, steal, encrypt, expose, or leak data as well as cause harm to a system. Encrypted threats spiked 167%, ransomware increased 105%, and 5.4 In May, cybersecurity researchers revealed that ransomware attacks are increasing their aggressive approach by destroying data instead of encrypting it.

Ransomware

Ransomware Cybersecurity Phishing Encryption

What is Cybersecurity Risk Management?

eSecurity Planet

FEBRUARY 11, 2022

The simplest example may be insurance. Life, health, auto, and other insurance are all designed to help a person protect against losses. Advanced Encryption. Though data encryption is helpful against outside breaches, it does little to protect against internal data theft. What is Cybersecurity Risk Management?

Risk

Risk Cybersecurity Encryption Access

NYDFS Files First Cybersecurity Enforcement Action

Hunton Privacy

JULY 24, 2020

On Wednesday, July 22, the New York Department of Financial Services (the “NYDFS”) announced that it had filed administrative charges against First American Title Insurance Co. under the NYDFS Cybersecurity Regulation , marking the agency’s first enforcement action since the rules went into effect in March 2017. NYCRR 500.14(b):

Cybersecurity

Cybersecurity Risk Financial Services Insurance

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Data Matters

APRIL 20, 2021

DOL guidance provides a series of questions that should serve as a starting point for this review and includes topics such as the service provider’s information security standards, track record, cybersecurity insurance coverage, and cybersecurity validation techniques.

Cybersecurity

Cybersecurity Insurance Risk Compliance

Ransomware Protection in 2021

eSecurity Planet

FEBRUARY 16, 2021

All of your files are encrypted with RSA-2048 and AES-128 ciphers.” ” Or you might see a readme.txt stating, “Your files have been replaced by these encrypted containers and aren’t accessible; you will lose your files on [enter date] unless you pay $2500 in Bitcoin.” IMPORTANT INFORMATION !!! Spam Filter.

Ransomware

Ransomware Encryption Insurance Cloud

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

IT Governance

JANUARY 16, 2024

GB Rebekah Children’s Services Source (New) Non-profit USA Yes 2,805 Butte School District Source 1 ; source 2 (Update) Education USA Yes 2,658 Dignity Health Nevada St. Source (New) Real estate USA Yes 10 GB Unitex Source (New) Manufacturing USA Yes 9.5

Data Privacy

Data Privacy Privacy Manufacturing Retail

New York Publishes FAQs and Key Dates for Cybersecurity Regulation

Hunton Privacy

APRIL 27, 2017

Earlier this month, the New York State Department of Financial Services (“NYDFS”) recently published FAQs and key dates for its cybersecurity regulation (the “NYDFS Regulation”) for financial institutions that became effective on March 1, 2017. September 3, 2018 – the eighteen month transitional period ends.

Cybersecurity

Cybersecurity Compliance Financial Services Insurance

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Of particular note, the Safeguards Rule NPRM proposes to align the FTC’s requirements with those of the New York Department of Financial Services (“NYDFS”), as found in its cybersecurity regulations, and the National Association of Insurance Commissioners (“NAIC”), as found in its insurance data security model law.

Privacy

Privacy IT Information Security Insurance

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

Employee training. Under the proposed Rule, FIs would be required to provide personnel with security awareness training that is updated to reflect risks identified by the FI’s risk assessment. Specific information security measures. The proposed Rule is much more detailed in terms of security measures that FIs must implement.

Privacy

Privacy Risk Cybersecurity Information Security

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

The PIPL includes a specific obligation on data controllers to adopt corresponding encryption or deidentification technologies, and to adopt access controls and training. Training : organisations must provide data privacy training. Compliance audits : these must be undertaken regularly.

Data Privacy

Data Privacy Privacy Compliance Analytics

US: Coronavirus – Cybersecurity considerations for your newly remote workforce

DLA Piper Privacy Matters

APRIL 2, 2020

Awareness and Training. Various laws and best practices speak of the need to train network users on the latest security best practices. Where feasible, consider using encryption and secure file transfer platforms for the transmission of sensitive data. The views expressed below do not constitute legal advice.

Cybersecurity

Cybersecurity Phishing Authentication Access

Top GRC Tools & Software for 2021

eSecurity Planet

JANUARY 21, 2021

LogicManager’s GRC solution has specific use cases across financial services, education, government, healthcare, retail, and technology industries, among others. Financial reporting compliance. Insurance & claims management. Additionally, Forrester named it a Contender in its Q1 2020 GRC Wave. LogicManager.

Compliance

Compliance Risk Government Retail

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

LogicManager’s GRC solution has specific use cases across financial services, education, government, healthcare, retail, and technology industries, among others. Financial reporting compliance. Insurance & claims management. Additionally, Forrester named it a Contender in its Q1 2020 GRC Wave. LogicManager.

Compliance

Compliance Risk Government Retail

US: Surviving the service provider data breach

DLA Piper Privacy Matters

JULY 30, 2019

Some states – such as Alabama, Massachusetts and New York (for financial services companies) – prescribe particular requirements of a “reasonable” cybersecurity program. At least nine states expressly extend these requirements to service providers. Proof of adequate cyber insurance coverage.

Data breaches

Data breaches Cybersecurity Financial Services Risk

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Encrypting critical data assets. Board-management discussions about cyber risk should include identification of which risks to avoid, which to accept, and which to mitigate or transfer through insurance, as well as specific plans associated with each approach. Encrypting Critical Data Assets. Using appropriate access controls.

Cybersecurity

Cybersecurity Risk Passwords Authentication

The Hacker Mind Podcast: Going Passwordless

ForAllSecure

JANUARY 19, 2022

Vamosi: In the 1970s, while working for Bell Labs, Robert Morris Sr came up with the idea of a one way algorithm, a means of encryption that can’t easily be decrypted. Moffatt: And the subtle difference between encrypting a password and hashing the f1 the cards encrypted, let's just throw cryptography at this problem.

Passwords

Passwords Authentication Access Data breaches

Best Digital Forensics Tools & Software for 2021

eSecurity Planet

AUGUST 13, 2021

With their Digital Intelligence Investigative Platform, Cellebrite boasts services that unify the investigative lifecycle and preserve digital evidence. Be it advanced locks, encryption barriers, or deleted and unknown content, the UFED (Universal Forensic Extraction Device) can extract physical and logical data.

e-Discovery

e-Discovery Computer and Electronics Marketing Compliance

Information Management Today

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Webinars

Trending Sources

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Webinars

Security Compliance & Data Privacy Regulations

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

What is a Cyberattack? Types and Defenses

What is Cybersecurity Risk Management?

NYDFS Files First Cybersecurity Enforcement Action

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Ransomware Protection in 2021

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

New York Publishes FAQs and Key Dates for Cybersecurity Regulation

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Transition period under New York Cybersecurity Regulation ends March 1, 2019

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

US: Coronavirus – Cybersecurity considerations for your newly remote workforce

Top GRC Tools & Software for 2021

Top 10 Governance, Risk and Compliance (GRC) Vendors

US: Surviving the service provider data breach

An Approach to Cybersecurity Risk Oversight for Corporate Directors

The Hacker Mind Podcast: Going Passwordless

Best Digital Forensics Tools & Software for 2021

Stay Connected