New York DFS Warns Industry of Heightened Cyber-risks

Kramer Levin Naftalis & Frankel LLP

On April 13, the New York State Department of Financial Services (DFS) issued guidance to its regulated institutions on how to manage cyber-risks connected to remote working, amid a “significant” increase in cybercrime associated with the global COVID-19 pandemic. DFS recommends that companies use secure connections, including multifactor authentication and secure VPN connections for connecting to company networks or systems, and that employees use only company-issued devices that can be locked down remotely if needed.

Company devices should also include appropriate security technology, such as endpoint detection and response and mobile device management. Likewise, video- and audioconferencing software should be configured to limit unauthorized access, and employees should be trained on how to use it securely.

If companies have expanded their “bring your own device” policies to enable remote working, they should consider implementing compensating measures and device security. As for personal accounts and applications (such as email or mobile apps), DFS advises against using them to send nonpublic information, in order to prevent data losses.

DFS also has joined other state and federal regulators to warn of an increase in online fraud and phishing attempts related to COVID-19. Now that face-to-face work is limited, DFS recommends updating and training employees on authentication protocols for key actions such as security exceptions and wire transfers. Third-party risks should also be assessed in light of the challenges created by the pandemic.

DFS reminds regulated institutions that they are already required outside the current environment to assess cybersecurity risks, and to address them appropriately. If an incident qualifies as a “covered cybersecurity incident” under 23 NYCRR sec. 500.17(a), the regulated institution must report it to DFS “as promptly as possible” and within 72 hours at the latest.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Kramer Levin Naftalis & Frankel LLP | Attorney Advertising

Written by:

Kramer Levin Naftalis & Frankel LLP

Kramer Levin Naftalis & Frankel LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide