We are all aware of federal compliance regulations when it comes to the privacy and security of our information. For example, you’d be hard-pressed to find someone who hasn’t heard of HIPAA. Yet are you aware that regulations have been put in place at the state level that have the same goal – to protect our security and privacy?
This month (March 2019), the state of New York reached the end date for the Cybersecurity Regulation of the New York Department of Financial Services (NYDFS). The regulation required third-party service providers to meet certain requirements that address their data security and compliance. A two-year time frame was provided to allow the banking, insurance, and other institutions that fall under the Covered Entities title to reach that compliance measure. The window to meet the NYDFS Cybersecurity Regulation was established with a generous time frame due to the complexity of the process, so anyone not meeting that deadline will be a target for enforcement.
Written policies and procedures take time, and finding qualified people to first learn your business and then establish your compliance is not something you can take on lightly. The NYDFS required identification, risk assessment, the establishment of minimum cybersecurity practices that include encryption, controlled access, contractual protection, and finally due diligence processes to evaluate the cybersecurity practices of third-party vendors.
As of today, 50 states have enacted varying legislation on data breach notification. Do you know what your legal requirements are if you are hacked? What if you work with clientele across state lines? All very important questions. It is always wise to go with the guideline that is more stringent. When it comes to cybersecurity and privacy, there is no limit to how strong your line of defense should be.
Having a plan in place to prevent and remediate damage is key, but you also need to ensure that you are covering all of the legalities in your process.