Motiva

DID YOU GET THE EMAIL FROM DFS ABOUT THE NEW CHANGES AND

DON'T KNOW WHERE TO START?

Schedule a FREE DFS Compliance Assessment to understand the reality of your current cybersecurity position & expose hidden vulnerabilities so we can take the appropriate action to satisfy compliance filing requirements.

YOU HAVE UNTIL APRIL 15th 2024 TO COMPLY

-
Days
-
Hours
-
Minutes
-
Seconds

Our Free Compliance Assessment Will Give You The Answers You Want, The Certainty You Need.

This Assessment will provide verification from a qualified third party on your NY DFS Compliance posture, whether or not your current IT company is doing everything they should be, and if your business is at serious risk for hacker attacks, data loss and extended downtime, as well as how to solve these issues.

After this Assessment, you’ll get answers to questions such as:

  • Whether or not you're currently in Compliance with NY DFS Cybersecurity Law
  • Where you are overpaying (or getting underserved) for the services and support you are currently getting from your current IT company or team.
  • If you and your employees’ login credentials are being sold on the Dark Web.
  • IF your IT systems and data are truly secured from hackers, cybercriminals, viruses, worms and even sabotage by rogue employees.
  • IF your current backup would allow you to be back up and running again fast if ransomware locked all your files.
  • Do your employees truly know how to spot a phishing e-mail? We will actually put them to the test. We’ve never seen a company pass 100%. Never.
  • IF your IT systems, backup and data handling meet strict compliance requirements for data protection.
  • If your company (and your reputation) are at RISK and how your employees can work from home without compromising the security of your customers data.
  • How you could lower the overall costs of IT while improving communication, security and performance, as well as the productivity of your employees.

5 BIGGEST CHANGES
TO DFS LAW
 

Penetration Testing

- By simulating real-world cyberattacks, it provides a critical means for agencies to discover and rectify security weaknesses, ultimately improving overall security posture, reducing the risk of breaches, and safeguarding sensitive data and customer trust.

Endpoint Security

- Protecting individual devices, such as computers, smartphones, and servers, from various cyber threats like malware and unauthorized access.
- A combination of measures such firewalls, and intrusion detection systems to secure devices.

Multi Factor Authentication

- Utilize MFA for local access to laptops and computers

- Combination of both a password and a secondary form of authentication.
- Remote access, Office 365 and More
- App or Token Based MFA preferred

Text-Based is no longer secure or recommended!

Asset Management and Application Control

- Must be able to track owner, location, sensitivity, support expiration date, and recovery time objectives for EACH asset (laptop, phone, pc)
- Regularly update and validate the asset inventory
- Policy for secure disposal of nonpublic information
- Have in place the ability to scan and detect malicious applications and prevent them from being installed to systems.

PROOF OF CYBERSECURITY IMPLEMENTATION

- Certifies entity complied during prior calendar year
- Must provide data and documentation to accurately demonstrate compliance in the form of reports, certifications or otherwise
- Signed by CISO (Chief Information Security Officer) and CEO responsible

NEW ENFORCEMENT RULE

500.20 Enforcement: Any failure of any requirement for 24 hour period, and failure to
secure or prevent unauthorized access is NON-Compliance.

There is no “full exemption” of the law, only limited exempt and not exempt at all. 


Entities must now also report to DFS where they are NOT in compliance,
 why they were not in compliance, a proof of plan for coming into compliance for those failings, and a date of which those compliance items will be implemented.

Walter Contreras, registered NY DFS instructor, Cybersecurity expert, and CEO of Motiva Networks understands how the world's digital transformation is impacting small to medium sized businesses. With over 25 years of experience in information technology and cybersecurity, his vision is clear - safeguarding and strengthening the digital backbone of business owners.