As the center of the US financial industry, New York State has plenty of reasons to want to protect financial institutions and their customers against the constant threat of cyber attacks. Six months ago, it released the country’s first state-mandated cybersecurity regulations. This month, it followed up with a series of regulations for banks, hedge funds, insurers, and financial institutions that significantly expands the type and amount of data they need to protect, and what they must to do to ensure that protection. In particular, the regulations require financial services firms to:
- Enforce the broad implementation of encryption
- Restrict access privileges to both systems and data
- Provide for the retention and “timely destruction” of non-public information
- Designate a qualified chief information security officer to oversee implementation
When the financial service industry pioneers best practices for cybersecurity, less heavily regulated industries tend to follow quickly. No matter what your business does, we recommend you learn more about these requirements, then contact us for help putting them into practice.