Annual Reports Due for Most New York DFS-Affiliated Organizations

Al Alper, founder and CEO of Absolute Logic (www.absolutelogic.com), a firm providing IT security, technical support, and technology consulting to Connecticut and New York businesses since 1991, reminds all businesses that fall under jurisdiction of New York State’s Department of Financial Services (DFS) that March 1 is the next deadline associated with the now year-old 23 NYCRR 500, which puts in place a system of cybersecurity measures for these specific organizations. By March 1, Chief Information Security Officers (CISOs) of these organizations are required to deliver an annual report to the board or governing body of their company highlighting the company’s compliance with 23 NYCRR 500.

Additionally, companies subject to the full regulations must also begin conducting annual penetration testing, bi-annual vulnerability assessments and periodic risk assessments, as well as establish multifactor authentication (if needed) and provide regular cybersecurity awareness training for all personnel. Additional transitional time periods will end on September 3, 2018, and March 1, 2019.

The swath of organizations that is affected is wide: the DFS oversees banks and trust companies; budget planners; charitable foundations; check cashers; credit unions; domestic representative offices; foreign agencies; foreign bank branches; foreign representative offices; health insurers, accident and related entities; holding companies; investment companies; licensed lenders; life insurance companies; money transmitters; mortgage bankers; mortgage brokers; mortgage loan originators; mortgage loan servicers; New York State regulated corporations; premium finance agencies; private bankers; property and casualty insurance companies; safe deposit companies; sales finance companies; savings banks and savings and loans associations (S&Ls); and service contract providers.

As a result of 23 NYCRR 500, which went into effect March 1, 2017, these organizations should have established and be maintaining a cybersecurity program and cybersecurity policies, have designated a qualified individual (internal or outsourced) to serve as CISO, be limiting user-access privileges as part of the cybersecurity program, be utilizing qualified cybersecurity personnel, have established a written incident-response plan, have notified the DFS of cybersecurity events as required, and have filed a notice of exemption (if applicable). Most recently, companies were required to submit their annual certification of compliance, which was due February 15.

“Regardless of whether your organization falls under DFS jurisdiction, a strong cybersecurity posture just makes good business sense,” said Alper. “But if you are a New York state organization that reports to the Department of Financial Services, be sure your CISO is compiling this annual report that demonstrates compliance with each of the new regulation’s deadlines over the past year.

“23 NYCRR 500 is a great roadmap for just about any organization to follow when it comes to cybersecurity, and the resources that are committed to these efforts now are but a small investment to ward off future potential cyber-attacks, and to position your company to be as well-protected and prepared as possible,” Alper added.

About Absolute Logic

Since 1991, Absolute Logic has been providing Fortune 500-style security and IT services, technical support and technology consulting to businesses of up to 250 employees. Absolute Logic has recently launched CyberGuard 360, a strong cybersecurity protection suite of technology services. The company was also designated as a Champion of National Cyber Security Awareness Month (NCSAM) 2017 and has expansive experience with and knowledge of New York State’s Department of Financial Services’ new cybersecurity regulations (23 NYCRR 500).

The firm’s original client base was comprised largely of independent insurance agencies, law firms and dental practices; today, these industries remain a key part of the company’s clientele, but Absolute Logic has expanded its scope of services to represent more than 40 different industries. Services include managed IT services and consulting, cloud computing, virtualization, email and spam protection, backup and disaster recovery, VoIP solutions, network security, and more. Absolute Logic serves the IT and related needs of Connecticut and New York. Founder and CEO Al Alper is a national speaker on IT and security issues and has authored several articles and books; his recent one being “Revealed! The Secrets to Protecting Yourself from Cyber-Criminals.” To obtain a copy, or to request Al Alper as a speaker for a business organization, please call (203) 936-6680. Absolute Logic maintains corporate offices at 44 Old Ridgefield Road, Suite 216, Wilton, CT, and operates a satellite location at 300 International Drive, Suite 100, in Williamsville, NY. Please visit the firm’s website at www.absolutelogic.com, and follow the company on Facebook and Twitter.