
Are You A "Sitting Duck"?
One of the biggest threats to your business is your compliance with the NYDFS Cybersecurity Law - or lack thereof!
Regulated Financial Services entities and licensed persons must file the Certification of Compliance for calendar year 2020 starting on April 15, 2021.
The NYDFS 23NYCRR500 Regulation applies to:
- State banks
- Licensed Lenders
- Private Banks
- Foreign Banks operating in New York
- Mortgage Companies
- Insurance companies
- Trust companies
- Financial Service providers
Don’t let what happened to First American happen to you. With many misconceptions about the Law, some businesses may be deemed small enough to be “exempt,” but there are no exemptions, ONLY LIMITED EXEMPTIONS, which means you still must comply with the law.
Find out if you are in compliance on a 10-Min Call with our experts
NYDFS Cybersecurity Requirements are incredibly confusing, and the penalties for not being compliant can be debilitating. If you are uncertain that your business is in compliance with the Cybersecurity Law, most likely you are not.
On this call we can discuss your unique situation, any concerns you have, and of course, answer any questions you may have about the 23NYCRR500. If you feel comfortable moving ahead, we’ll schedule a convenient time to conduct a Cybersecurity Compliance Audit.
Our Free Cybersecurity Compliance Audit Reveals Where Your Company Is At High Risk Of Getting a Fine from the NYDFS
This Audit can be conducted 100% remotely, with or without your current IT company or department knowing (we can give you the full details on our initial discovery call). At the end of the Audit, you’ll know if you comply with the following requirements:
- Establish a Cybersecurity Program (500.02)
- Develop a Cybersecurity Policy (500.03)
- Assign a Chief Information Security Officer (500.04)
- Perform Periodic Penetration and Vulnerability Testing (500.05)
- Maintain an Audit Trail designed to detect and respond to Cybersecurity Events (500.06)
- Limit User Access Privileges (500.07)
- Establish Application Security Procedures (500.08)
- Perform Periodic risk assessments (500.09)
- Utilize qualified Cybersecurity Personnel to manage and oversee the performance of the cybersecurity program (500.10(a)(1))
- Provide cybersecurity personnel with cybersecurity updates and training (500.10(a)(2))
- Enable Multi-Factor Authentication for Information Systems (500.12)
- Employee Cybersecurity Training and Monitoring (500.14)
- Enable Data Encryption and Protection (500.15)
- Establish an Incident Response Plan (500.16)

