NY Dept. of Financial Services Issues Guidance Identifying Heightened COVID-19 Cybersecurity Risks

Fox Rothschild LLP

Citing a “significant increase in cybercrime” during the COVID-19 pandemic, the New York Department of Financial Services (DFS) issued guidance to all New York State regulated entities identifying areas of heightened cybersecurity risk. DFS advised regulated entities to assess and address these areas in accordance with cybersecurity regulation 23 NYCRR Part 500.

Heightened Risk #1: Remote Working. Cyber criminals are exploiting the abrupt shift to remote working due to COVID-19.

  • Secure Connections. Make remote access as secure as reasonably possible, including the use of multi-factor authentication and secure VPN connections that encrypt all data in transit.
  • Company-Issued Devices. Computers and phones for remote working should be secured by preventing users from adding or deleting apps and by installing security software.
  • Bring Your Own Device (BYOD) Expansion. Because some personal devices are not properly secured or are already compromised, consider compensating by increasing controls.
  • Remote Working Communications. Video and audio conferencing are on the rise during the pandemic. Whenever possible, configure the tools to limit unauthorized access and provide guidance to employees on how to securely use them.
  • Data Loss Prevention. Remind employees not to send nonpublic information to personal email accounts and devices.

Heightened Risk #2: Increased Phishing and Fraud. Criminals have significantly increased online fraud and phishing attempts related to COVID-19.

  • Employees. Remind employees to be alert for phishing and fraud emails.
  • Training. Provide phishing training and testing as soon as practicable.
  • Authentication Protocols. Determine if authentication protocols need to be updated, especially for actions like security exceptions and wire transfers.

Heightened Risk #3: Third-Party Risk. Cybersecurity challenges during COVID-19 have also affected third-party vendors.

  • Third-party vendors. Regulated entities should reevaluate the cyber risks to critical vendors and determine how they are adequately addressing the new risks.

Finally, DFS cautioned regulated entities to stay vigilant during COVID-19, because by following good cybersecurity practices they can identify, mitigate, and manage risks.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Fox Rothschild LLP | Attorney Advertising
