New York’s State Department of Financial Services recently released its proposal for new NY cybersecurity regulations. The proposal is broad, and it has been criticized for potentially raising costs for the businesses and financial institutions it covers as they work to meet the new regulations.
Below are some key elements in the proposal along with services that cyber security managed service providers (MSPs) offer that can help you fulfill those regulatory requirements.
Key Aspects of the New Cybersecurity Proposal
The proposal includes guidelines for establishing a cyber security program and a cyber security policy, along with the following aspects:
Appointing a Chief Information Security Officer (CISO)
All businesses and institutions covered by the proposal must appoint a CISO who will oversee the creation of the cyber security program and policy. The CISO will report about the cyber security program and any existing material security risks to the business’s or institution’s board of directors or equivalent governing body.
What if you’re a small or mid-sized business that cannot afford to pay an extra executive salary? You can use Hi-Tek Data’s virtual CISO service to fill that void. This service can help you devise security solutions that will help you meet the proposal’s cybersecurity regulation requirements and reduce your security risks. Our virtual CISO service is tailored to work with your business’s specific personnel and meet its unique needs.
Risk Assessment
The proposal requires covered entities to conduct periodic risk assessments to make sure that their cyber security programs are effective. The risk assessment should be performed in accordance with the entity’s written policies and procedures for this process. During the assessment, current security risks and risk controls should be noted, and solutions that mitigate the existing risk should be introduced.
Hi-Tek Data offers risk assessment services that can help you comply with this part of the proposal. When we perform a risk assessment for your network and find existing threats, we will provide operating system updates that will mitigate the risks that those threats pose to your network.
Our risk assessment services include intrusion detection, network traffic monitoring and management, and real-time reporting. Our virtual CISO services also include risk assessment services, so you can meet those two regulations with one managed security service.
Incident Response Plan
The proposal states that every covered entity must have an incident response plan for cyber security events that affect the integrity, confidentiality, or availability of its information systems. The plan should clearly define employees’ roles and responsibilities during a cyber security event as well as external and internal communications, the plan’s goals, and its overall processes.
An incident response plan can be covered by our business continuity planning and disaster recovery services. With these services, we will help you identify which of your systems are most critical for getting your system up and running after a cyber security event. Then we can work with you to implement a plan for resurrecting those systems and helping you and your colleagues plan for your business’s long-term recovery.
Cyber Security Training
The new proposal also states that employees at covered entities should receive cyber security training so that they can recognize threats and risks. This training should be offered regularly, and it should keep the entity’s personnel up to date on current cybersecurity threats and preventative measures.
Hi-Tek Data offers security awareness training that includes comprehensive training courses to teach your employees about current cyber threats. These services also include phishing identification tests and email security techniques. We provide both onsite and remote security training with flexible scheduling so that our clients can increase their threat intelligence no matter where they are.
Penetration Testing and Vulnerability Assessments
Under the regulations in the new proposal, covered entities must perform penetration testing and vulnerability assessments to test how well their cyber security programs combat cyber threats. Vulnerability assessments analyze the current structure of a network’s cyber security systems and software. Penetration testing puts the network’s security measures through simulated threats to expose any weaknesses in them before a real cyber attack tries to penetrate them.
We can offer you penetration testing and vulnerability assessments that will help you determine how well your network responds to simulated cyber threats. These tests and assessments will ensure that your network is prepared when real cyber threats arise.
Helping Your Business Comply with NY Cybersecurity Regulations and Laws
At Hi-Tek Data, we provide your network with standard-compliant services that will help you meet these new regulations. Contact us today to find out which of our services best fits your business’s needs and will help you become compliant with this proposal.