New York Cybersecurity Regulations You Should Know About

How Cybersecurity Awareness Month Can Protect Your Business

New York’s State Department of Financial Services recently released its new NY cybersecurity regulations proposal. The proposal is broad, and it has been criticized for potentially raising costs for businesses and financial institutions covered by the proposal as they work to meet the new regulations. 

Below are some key elements in the proposal along with services that cybersecurity managed service providers (MSPs) offer that can help you fulfill those regulatory requirements.

Key Aspects of the New Cybersecurity Proposal

The proposal includes guidelines for establishing a cybersecurity program and a cybersecurity policy, along with the following aspects:

Appointing a Chief Information Security Officer (CISO)

All businesses and institutions covered by the proposal must appoint a CISO who will oversee the creation of the cybersecurity program and policy. The CISO will report about the cybersecurity program and any existing material security risks to the business’s or institution’s board of directors or equivalent governing body.

What if you’re a small or mid-sized business that cannot afford to pay an extra executive salary? You can use Hi-Tek Data’s virtual CISO service to fill that void. This service can help you devise security solutions that will help you meet the proposal’s regulation requirements and reduce your security risks. Our virtual CISO service is tailored to work with your business’s specific personnel and meet its unique needs.

Risk Assessment

The proposal requires covered entities to conduct periodic risk assessments to make sure that your business’s cybersecurity program is effective. The risk assessment should be performed in accordance with your business’s written policies and procedures for this process. During the assessment, current security risks and risk controls should be noted, and solutions that mitigate the existing risk should be introduced.

Hi-Tek Data offers risk assessment services that can help you comply with this part of the proposal. When we perform a risk assessment for your network and find existing threats, we will provide operating system updates that will mitigate the risks that those threats pose to your network. 

Our risk assessment services include intrusion detection, network traffic monitoring and management, and real-time reporting. Our virtual CISO services also include risk assessment services, so you can meet those two regulations with one managed security service.

Incident Response Plan

The proposal states that every covered entity must have an incident response plan for cybersecurity events that affect their information systems’ integrity, confidentiality, or availability. The plan should clearly define employees’ roles and responsibilities during a cybersecurity event as well as external and internal communications, the plan’s goals, and its overall processes.

An incident response plan can be covered by our business continuity planning and disaster recovery services. With these services, we will help you identify which of your systems are most critical for getting your system up and running after a cybersecurity event. Then we can work with you to implement a plan for resurrecting those systems and helping you and your colleagues plan for your business’s long-term recovery.

Cybersecurity Training

The new proposal also states that employees at covered entities should receive cybersecurity training so that they can recognize threats and risks. This training should be offered regularly, and it should keep the entity’s personnel up to date on current cybersecurity threats and preventative measures.

Hi-Tek Data offers security awareness training that includes comprehensive training courses to teach your employees about current cyberthreats. These services also include phishing identification tests and email security techniques. We provide both onsite and remote security training with flexible scheduling so that our clients can increase their threat intelligence no matter where they are.

Penetration Testing and Vulnerability Assessments

Under the regulations in the new proposal, covered entities must perform penetration testing and vulnerability assessments to test how well their cybersecurity programs combat cyberthreats. Vulnerability assessments analyze the current structure of a network’s cybersecurity systems and software. Penetration testing puts the network’s security measures through simulated threats to expose any weaknesses in them before a real cyberattack tries to penetrate them.

We can offer you penetration testing and vulnerability assessments that will help you determine how well your network responds to simulated cyberthreats. These tests and assessments will ensure that your network is prepared when real cyberthreats arise.

Helping Your Business Comply with NY Cybersecurity Laws and Regulations

At Hi-Tek Data, we provide your network with standard-compliant services that will help you meet these new regulations. Contact us today to find out which of our services best fits your business’s needs and will help you become compliant with this proposal.

RECENT POSTS

CATEGORIES

Request Information


How Managed IT Services Can Help Your Business How IT Support Services Can Help You with Business Optimization Why the Break/Fix Model Doesn't Work Why the Break/Fix Model Doesn’t Work