NYS To Emphasize Cybersecurity in Examinations

December 11, 2014 at 8:22 am 4 comments

New York State’s Department of Financial Services issued a letter to all New York State chartered and licensed banking institutions yesterday informing them that cybersecurity will be an increased emphasis of the examination process. The Department’s head, Benjamin Lawsky said: “the Department encourages all institutions to view cybersecurity as an integral aspect of their overall risk management strategy rather than solely as a subset of information technology.”

The heightened examinations include:

  • An analysis of an organization’s reporting structure for cybersecurity related issues;
  • An organization’s management of cybersecurity issues including the interaction between information security and core business functions;
  • An examination of information policies and procedures as well as assessing whether such policies are periodically reviewed in light of changing risks; and
  • A requirement for protections against intrusion including the use of multi-factor authentication.

This list is by no means definitive and you should take a look at the entire letter.

Although the letter is applicable to all of New York State’s charges, its more detailed requirements are clearly geared to the largest institutions DFS regulates.  An accompanying press release explains that “institutions will be examined as part of new, targeted DFS cybersecurity preparedness assessments.”  Nevertheless, all New York State credit unions should be ready to demonstrate that they have cybersecurity policies commensurate with the risk posed with the services they provide and the vulnerability of their systems to cyber attacks. As I explained in a previous blog, cybersecurity preparedness has become a major point of emphasis for the DFS.  Remember, hackers are demonstrating an increased interest in attacking small to medium sized financial institutions.

Since I am on the subject of cyber security here’s a post from the Motley Fool investment site that is worth a look. It explains what it thinks investors should expect banks to be investing in when it comes to building and maintaining a cyber infrastructure.

On that note, have a nice day.

Entry filed under: Compliance, New York State, Regulatory, technology. Tags: , , .

When does the public need to know about a data breach? Dysfunctional Congress Throws Credit Unions a Bone

4 Comments Add your own

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


Authored By:

Henry Meier, Esq., General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 446 other followers

Archives