22 May 2020

New York DFS Warns Industry Of Heightened Cyber-Risks

Herbert Smith Freehills Kramer LLP


On April 13, the New York State Department of Financial Services (DFS) issued guidance to its regulated institutions on how to manage cyber-risks connected to remote working, amid a "significant" increase in cybercrime associated with the global COVID-19 pandemic. DFS recommends that companies use secure connections, including multifactor authentication and secure VPN connections for connecting to company networks or systems, and that employees use only company-issued devices that can be locked down remotely if needed.

Company devices should also include appropriate security technology, such as endpoint detection and response and mobile device management. Likewise, video- and audioconferencing software should be configured to limit unauthorized access, and employees should be trained on how to use it securely.

If companies have expanded their "bring your own device" policies to enable remote working, they should consider implementing compensating measures and device security. As for personal accounts and applications (such as email or mobile apps), DFS advises against using them to send nonpublic information, in order to prevent data losses.

DFS also has joined other state and federal regulators to warn of an increase in online fraud and phishing attempts related to COVID-19. Now that face-to-face work is limited, DFS recommends updating and training employees on authentication protocols for key actions such as security exceptions and wire transfers. Third-party risks should also be assessed in light of the challenges created by the pandemic.

DFS reminds regulated institutions that they are already required outside the current environment to assess cybersecurity risks, and to address them appropriately. If an incident qualifies as a "covered cybersecurity incident" under 23 NYCRR sec. 500.17(a), the regulated institution must report it to DFS "as promptly as possible" and within 72 hours at the latest.

Originally published May 01, 2020

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
