NY DFS Issues Guidance to Regulated Entities for Cybersecurity in the Remote Work Environment

Locke Lord LLP

The NY DFS has issued guidance specific to the current COVID-19 pandemic, reminding regulated entities that its Cybersecurity Regulation (23 NYCRR Part 500) requires assessment of cybersecurity risk and the reporting of certain cybersecurity events within 72 hours. The DFS guidance is appropriate for any business, whether or not subject to the NY Regulation. The DFS also warned of heightened cyber risks in the current environment as criminals seek to exploit the situation.

Through its guidance (https://www.dfs.ny.gov/industry_guidance/industry_letters/il20200413_covid19_cybersecurity_awareness) issued last week, the DFS highlighted the following:

  • Remote working, implemented abruptly, has exposed new vulnerabilities. Businesses should make sure connections to their systems and data are secure, using secure VPN connections and multi-factor authentication.
  • Devices used to conduct business, whether new or repurposed (including computers, phones and other devices), must have appropriate administrative and technical safeguards, such as appropriate security software and restrictions that prevent users from adding or deleting apps.
  • Consider carefully the Bring Your Own Device (BYOD) policy in view of the need to expand the use of personal devices for conducting business remotely. Some personal devices may have been compromised before they were used for working remotely.  Consider appropriate security solutions and compensating controls.
  • Properly configure video and audio conferencing tools, which may have vulnerabilities that have been exploited by cybercriminals.
  • Anticipate and avoid work-arounds that personnel could develop to help get their jobs done, which may introduce vulnerabilities. Work-arounds can include the use of personal online accounts rather than company systems.  Remind personnel of company safeguards and potential threats.
  • Update awareness training and other protocols to protect against the increase in online fraud and phishing related to COVID-19. Fraudulent requests for charitable contributions, purported government relief offers and fake information from the CDC and others have proliferated.
  • Coordinate with critical vendors, which are facing the same challenges, to determine how they are adequately addressing the new risks.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Locke Lord LLP | Attorney Advertising
