Al Alper
Al Alper, founder and CEO of Absolute Logic (www.absolutelogic.com), a firm providing IT security, technical support, and technology consulting to Connecticut and New York businesses since 1991, reminds all businesses that fall under jurisdiction of New York State’s Department of Financial Services (DFS) that one week from today is the deadline for submitting their first annual certification of compliance with 23 NYCRR 500. This effort will prove that businesses have achieved the expectations regarding the implementation of cybersecurity initiatives and protocols.
The swath of organizations that is affected is wide: the DFS oversees banks and trust companies; budget planners; charitable foundations; check cashers; credit unions; domestic representative offices; foreign agencies; foreign bank branches; foreign representative offices; health insurers, accident and related entities; holding companies; investment companies; licensed lenders; life insurance companies; money transmitters; mortgage bankers; mortgage brokers; mortgage loan originators; mortgage loan servicers; New York State regulated corporations; premium finance agencies; private bankers; property and casualty insurance companies; safe deposit companies; sales finance companies; savings banks and savings and loans associations (S&Ls); and service contract providers.
As a result of 23 NYCRR 500, which went into effect March 1, 2017, these organizations should have established and be maintaining a cybersecurity program and cybersecurity policies, have designated a qualified individual (internal or outsourced) to serve as Chief Information Security Officer (CISO), be limiting user-access privileges as part of the cybersecurity program, be utilizing qualified cybersecurity personnel, have established a written incident-response plan, have notified the DFS of cybersecurity events as required, and have filed a notice of exemption (if applicable). As February 15approaches, affected businesses need to act quickly to ensure that they have complied with these requirements; fines will be fast and heavy for organizations that are found to be non-compliant.
Immediately following that deadline, CISOs are required to deliver an annual report to the board or governing body of the company by March 1; companies subject to the full regulations must also begin conducting annual penetration testing, bi-annual vulnerability assessments and periodic risk assessments, as well as establish multifactor authentication (if needed) and provide regular cybersecurity awareness training for all personnel. Additional transitional time periods will end on September 3, 2018, and March 1, 2019.
“Regardless of whether your organization needs to meet the February 15 deadline, effective cybersecurity just makes good business sense,” said Alper. “But if you are a New York state organization that reports to the Department of Financial Services, be sure to quickly evaluate your current cybersecurity posture, determine where your potential shortfalls are, button up your cybersecurity efforts and certify the organization’s compliance by February 15.
“Use 23 NYCRR 500 to your advantage – as a tool that makes sure nothing is overlooked in terms of cybersecurity, and provides constant incentives for continued improvements,” Alper added.
About Absolute Logic
Since 1991, Absolute Logic has been providing Fortune 500-style security and IT services, technical support and technology consulting to businesses of up to 250 employees. Absolute Logic has recently launched CyberGuard 360, a strong cybersecurity protection suite of technology services. The company was also designated as a Champion of National Cyber Security Awareness Month (NCSAM) 2017 and has expansive experience with and knowledge of New York State’s Department of Financial Services’ new cybersecurity regulations (23 NYCRR 500).
The firm’s original client base was comprised largely of independent insurance agencies, law firms and dental practices; today, these industries remain a key part of the company’s clientele, but Absolute Logic has expanded its scope of services to represent more than 40 different industries. Services include managed IT services and consulting, cloud computing, virtualization, email and spam protection, backup and disaster recovery, VoIP solutions, network security, and more. Absolute Logic serves the IT and related needs of Connecticut and New York. Founder and CEO Al Alper is a national speaker on IT and security issues and has authored several articles and books; his recent one being “Revealed! The Secrets to Protecting Yourself from Cyber-Criminals.” To obtain a copy, or to request Al Alper as a speaker for a business organization, please call (203) 936-6680. Absolute Logic maintains corporate offices at 44 Old Ridgefield Road, Suite 216, Wilton, CT, and operates a satellite location at 300 International Drive, Suite 100, in Williamsville, NY. Please visit the firm’s website at www.absolutelogic.com, and follow the company on Facebook and Twitter.