New York DFS Cybersecurity Rules Take Effect March 1

New York’s 23 NYCRR 500 Cybersecurity rule goes into effect on March 1, 2017 requiring banks and other financial services companies to establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of the state’s financial services industry.

Social Engineering & Ransomware

If you were asked to describe a hacker, what image comes to mind? If you’re like most, you are probably picturing unintelligible text flying across a monitor as young men in black hoodies attempt to break into networks, engaging in a very technical dance and speaking in terms the average layperson would not understand.

SEC: Prioritizing Cybersecurity

The SEC has expanded its cybersecurity examinations to include testing of firms’ implementation of procedures and controls

Encrypted? So What, Says Tennessee

In a first for the country’s growing body of state breach notification laws, Tennessee has recently amended its law to require notification even if the information subject to a breach was encrypted, and regardless of whether the encryption key itself … Read more

Cybersecurity: Time’s Up!

For some attacks, the amount of time to compromise and exfiltrate data is measured in seconds. Time is of the essence when a potential incident occurs.

Corporate Responsibility For Cybersecurity

Introduction Financial services are target No. 1. That was confirmed in a 2014 SEC cybersecurity roundtable when Larry Zelvin, then a top cybersecurity official of the U.S. Department of Homeland Security, laid out the agency’s rankings of the nation’s most … Read more

Passwords: Long is Strong

Introduction It seems like there’s a new data breach in the news every other week. The fact is that hacking tools become more advanced everyday—and it’s hard to keep up and stay safe. Passwords today are less secure than they … Read more