NYS To Emphasize Cybersecurity in Examinations
New York State’s Department of Financial Services issued a letter to all New York State chartered and licensed banking institutions yesterday informing them that cybersecurity will receive increased emphasis in the examination process. The Department’s head, Benjamin Lawsky, said: “the Department encourages all institutions to view cybersecurity as an integral aspect of their overall risk management strategy rather than solely as a subset of information technology.”
The heightened examinations include:
- An analysis of an organization’s reporting structure for cybersecurity-related issues;
- An organization’s management of cybersecurity issues, including the interaction between information security and core business functions;
- An examination of information policies and procedures, as well as an assessment of whether such policies are periodically reviewed in light of changing risks; and
- A requirement for protections against intrusion, including the use of multi-factor authentication.
This list is by no means definitive and you should take a look at the entire letter.
Although the letter is applicable to all of New York State’s charges, its more detailed requirements are clearly geared to the largest institutions DFS regulates. An accompanying press release explains that “institutions will be examined as part of new, targeted DFS cybersecurity preparedness assessments.” Nevertheless, all New York State credit unions should be ready to demonstrate that they have cybersecurity policies commensurate with the risk posed by the services they provide and the vulnerability of their systems to cyber attacks. As I explained in a previous blog, cybersecurity preparedness has become a major point of emphasis for the DFS. Remember, hackers are demonstrating an increased interest in attacking small- to medium-sized financial institutions.
Since I am on the subject of cybersecurity, here’s a post from the Motley Fool investment site that is worth a look. It explains what it thinks investors should expect banks to be investing in when it comes to building and maintaining a cyber infrastructure.
On that note, have a nice day.