New York enacts mandatory cyber security regulations, 23 NYCRR 500
In March of 2017, New York became the first to enact state-mandated cyber security guidelines. First proposed by the New York Department of Financial Services in 2016, these guidelines include 23 sections discussing specific safeguards financial institutions must have in place, including data encryption, multi-factor authentication, security training for employees, appointment of a chief information security officer, and annual evaluations by a senior officer.
These rules will be mandatory for any company regulated by the state Department of Financial Services, as well as third-party vendors that have access to those firms’ data. Affected companies have been given 6 months to comply.
In a statement, New York Governor Andrew Cuomo declared New York the financial capital of the world, and stressed the importance of protecting consumers and financial institutions from the ever-growing threat of cyber-attacks.
With the concentration of financial institutions in New York, it is not surprising that the state is a front runner in requiring additional regulations. Due to the sheer number of firms affected, this change may help shape future cyber security guidelines across the nation.
Financial institutions already following standard FINRA and GLBA guidelines are unlikely to be surprised by the new mandated regulations. These regulations have been described as a more detailed version of the industry’s existing best practice. The biggest difference may be the hard deadline for compliance, which has left some in the industry scrambling to work out how best to enact all required points in a 6-month timeframe.
While some smaller firms are exempt from certain regulatory guidelines, the logic behind them remains. The information collected and stored by financial institutions is highly sensitive and valuable to cyber criminals, and needs to be properly safeguarded whether the firm has 100 clients or 100,000.
[Business Name] offers effective cyber security services for an affordable monthly fee, addressing continuous monitoring, reporting and reviewing access privileges, conducting vulnerability assessments and creating policies so you are in compliance with this regulation. This program helps ensure that guidelines for best practice are met, whether they are mandatory or not. In the field of cyber security, it is better to exceed guidelines than to be underprepared in the case of an attempted breach.
For firms based in New York, the deadline is looming and the time is now to take action. Elsewhere, it’s never too early (or too late) to be sure that guidelines are met and best practices are in place. Contact [Business Name] today to see if we can work together to keep your customers safe and secure, and your business in compliance with required guidelines.
