2024 Changes to DFS Cybersecurity Law: The Compliance Wake-Up Call You Can't Afford to Sleep Through

The 2024 NY DFS amendments mandate even stronger cybersecurity measures to protect client data and financial assets. Are you truly confident your Agency or Brokerage will pass the proof of compliance requirements?

Free DFS Compliance Assessment

While there's a perception that certain companies might be "small" enough to bypass the NY DFS regulations, in reality there are NO FULL EXEMPTIONS, only LIMITED EXEMPTIONS.

Before vs After 2024 Changes for Most Agencies and Brokerages

OLD REGULATIONS

  • 500.02 Cybersecurity Program
    Develop and maintain a robust cybersecurity program.
  • 500.03 Cybersecurity Policy
    Implement a comprehensive cybersecurity policy.
  • 500.07 Access Privileges
    Regulate employee access to only what is necessary.
  • 500.09 Risk Assessment
    Perform annual cybersecurity risk assessments to verify cybersecurity program.
  • 500.11 Third Party Service Provider Security Policy
    Implement policies and procedures to verify third-party service providers.
  • 500.13 Limitations on Data Retention
    Implement policies and procedures to properly delete sensitive data.
  • 500.17 Notices to Superintendent
    Be able to notify and report to DFS within 72 hours of data breach or hack.

2024 NEW REGULATIONS

  • 500.02 Cybersecurity Program
    Develop and maintain a robust cybersecurity program.
    Must be able to test and recover data from backups.
    Must have a complete asset inventory.
  • 500.03 Cybersecurity Policy
    Implement a comprehensive cybersecurity policy.
    Maintained and implemented by an employee or third party with adequate experience.
  • 500.07 Access Privileges
    Regulate employee access to only what is necessary.
    Must implement Multifactor Authentication.
    Remote access devices must be securely configured or disabled.
  • 500.09 Risk Assessment
    Perform annual cybersecurity risk assessments to verify cybersecurity program.
    Must be updated annually and submitted with compliance filing.
    Impact assessment must be conducted.
    Risk assessment must be thorough and adequate to company operations.
  • 500.11 Third Party Service Provider Security Policy
    Implement policies and procedures to verify third-party service providers.
  • 500.13 Limitations on Data Retention
    Implement policies and procedures to properly delete sensitive data.
  • 500.17 Notices to Superintendent
    Must be able to file reporting to DFS within 24-72 hours of data breach or hack under expanded “events” definition.
    Must be able to report to DFS within 24 hours of extortion payments.
    Report within 30 days to DFS explaining why ransom payment was necessary and what alternatives were considered.
    Must be able to notify all customers of data breach or hack and what data was impacted.

DFS FILING: PROOF OF COMPLIANCE

Under NY DFS Cybersecurity Law, companies must regularly assess their cybersecurity measures. For any weak points found, updated security must be implemented. Once complete, companies must submit proof of Certification of Compliance.


Our Partnership with Big “I” NY

Walter Contreras, registered NY DFS instructor, Cybersecurity expert, and CEO of Motiva Networks explains the relationship between cybersecurity and the insurance community, new cybersecurity protections such as EDR, and the knowledge your agency needs to better serve your clients in this latest Big “I” NY CE credit class.


Top Reasons Why Agencies Trust Their IT Services and Cybersecurity Compliance to Motiva

Make sure your IT systems are in compliance with State and Federal Laws.

GET YOUR FREE CONSULTATION TODAY!

Deep expertise in small and medium-sized Agency operations.


Cybersecurity is Paramount.



Most Documented 5 Star GOOGLE Reviews in NY.


We Answer our Phones LIVE.


93-Seconds or less response time guarantee.


We Include 24/7/365 Technical Support at no EXTRA COST.



Cybershield365

24/7 MDR, Endpoint Security, Zero Trust, Asset Management, Next-Gen Antivirus, System Patches, Remote Workforce Security, Cloud Monitoring, Data Encryption, Secure Email, Email Backup, & More.

24/7 Cloud MDR


Critical protection for mitigating risks and damages.
Endpoint Security


Comprehensive coverage for the wide array of devices on a network.
Zero Trust


Never trust, always verify principle for inside or outside network threats.

MFA and MDR: A Symbiotic Security Ecosystem

MFA (Multi-Factor Authentication):

MFA is a security method that requires users to present two or more
verification factors to gain access to a resource such as an application,
an online account, or a VPN.

MDR (Managed Detection and Response):

MDR is a managed cybersecurity service that combines technology and
human expertise to detect, analyze, and respond to threats across an
organization’s IT environment.

The Interplay Between MFA and MDR

Enhanced Threat Detection:

  • MFA acts as the first line of defense, ensuring that only authenticated users can access the system.
  • MDR constantly monitors network traffic and system behaviors. If an authenticated user starts exhibiting suspicious behavior post-authentication, MDR will catch and analyze this anomaly.


Comprehensive Coverage:

  • MFA protects against compromised credentials, phishing attempts, and more, ensuring only legitimate users access the system.
  • MDR offers 24/7 surveillance of the IT environment, ensuring threats are detected in real-time, even inside the perimeter.


Immediate Response:

  • If an attacker somehow bypasses MFA using stolen credentials or other techniques, the MDR team will detect this malicious activity and can quickly respond to mitigate the threat.


Data Protection:

  • MFA ensures sensitive data is only accessed by users who verify their identity through multiple authentication factors.
  • MDR detects and responds to unauthorized data access or exfiltration attempts, safeguarding business-critical information.
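The split described in the Enhanced Threat Detection and Data Protection points above (MFA is the gate at login time; MDR watches what an already authenticated session does afterwards) can be made concrete with a small detection pass over login and file-access events. This is an added example written for this page, not code from Motiva Networks, Cybershield365 or any MDR product; the event schema, the thresholds, the country codes and every sample event are constructed. It flags three things a monitoring team would want surfaced: a login that skipped MFA (a 500.07 gap), a user who authenticates from two countries within a short window (credentials in use from somewhere the legitimate user is not), and a burst of file reads far above a baseline (possible bulk data access or exfiltration).

```python
"""Post-authentication anomaly detection over constructed login/file events.

Added example, not a product's code. Field names, thresholds and sample data
are assumptions made for this illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Rule identifiers returned in each alert.
NO_MFA = "login_without_mfa"
IMPOSSIBLE_TRAVEL = "impossible_travel"
BULK_ACCESS = "bulk_data_access"

# Constructed thresholds; a real service would tune these per customer.
TRAVEL_WINDOW = timedelta(hours=2)     # two countries inside this window is suspicious
BULK_WINDOW = timedelta(minutes=10)    # sliding window for counting file reads
BULK_THRESHOLD = 20                    # reads inside BULK_WINDOW before alerting


def _ts(event):
    """Parse the ISO-8601 timestamp carried by every event."""
    return datetime.fromisoformat(event["ts"])


def _constructed_events():
    """Sample events (constructed for this example), oldest first.

    alice: MFA login, normal activity.
    bob:   login that did not go through MFA.
    carol: MFA login from US, then a second login from RO twenty minutes later,
           followed by 25 document reads in under five minutes.
    """
    base = [
        {"ts": "2024-05-01T09:00:00", "user": "alice", "type": "login", "mfa": True,  "country": "US", "src_ip": "203.0.113.10"},
        {"ts": "2024-05-01T09:05:00", "user": "alice", "type": "file_read", "doc": "policy-1001.pdf"},
        {"ts": "2024-05-01T09:06:00", "user": "alice", "type": "file_read", "doc": "policy-1002.pdf"},
        {"ts": "2024-05-01T09:30:00", "user": "bob",   "type": "login", "mfa": False, "country": "US", "src_ip": "198.51.100.7"},
        {"ts": "2024-05-01T10:00:00", "user": "carol", "type": "login", "mfa": True,  "country": "US", "src_ip": "203.0.113.44"},
        {"ts": "2024-05-01T10:20:00", "user": "carol", "type": "login", "mfa": True,  "country": "RO", "src_ip": "192.0.2.99"},
    ]
    start = datetime(2024, 5, 1, 10, 21)
    bulk = [
        {"ts": (start + timedelta(seconds=10 * i)).isoformat(), "user": "carol",
         "type": "file_read", "doc": f"policy-{2000 + i}.pdf"}
        for i in range(25)
    ]
    return base + bulk


SAMPLE_EVENTS = _constructed_events()


def analyze(events):
    """Return a list of alert dicts for the anomalies found in `events`."""
    alerts = []
    last_login = {}                      # user -> (time, country) of most recent login
    recent_reads = defaultdict(deque)    # user -> timestamps of reads inside BULK_WINDOW
    bulk_flagged = set()                 # alert once per user per run, not per read

    for ev in sorted(events, key=_ts):
        t, user = _ts(ev), ev["user"]

        if ev["type"] == "login":
            # MFA is the gate: a successful login that skipped it is itself a finding.
            if not ev.get("mfa", False):
                alerts.append({"rule": NO_MFA, "user": user, "ts": ev["ts"], "src_ip": ev["src_ip"]})
            # Same account, different country, too little time in between.
            prev = last_login.get(user)
            if prev and prev[1] != ev["country"] and t - prev[0] <= TRAVEL_WINDOW:
                alerts.append({"rule": IMPOSSIBLE_TRAVEL, "user": user, "ts": ev["ts"],
                               "countries": (prev[1], ev["country"])})
            last_login[user] = (t, ev["country"])

        elif ev["type"] == "file_read":
            # Post-authentication behaviour: count reads in a sliding window.
            window = recent_reads[user]
            window.append(t)
            while window and t - window[0] > BULK_WINDOW:
                window.popleft()
            if len(window) > BULK_THRESHOLD and user not in bulk_flagged:
                bulk_flagged.add(user)
                alerts.append({"rule": BULK_ACCESS, "user": user, "ts": ev["ts"],
                               "reads_in_window": len(window)})

    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(alert)
```

Running the block prints one alert for bob's MFA-less login and two for carol (the second-country login, then the read burst); alice's MFA-backed session produces nothing, which is the point of the pairing: MFA admits her, the monitoring layer confirms she then behaves normally. A production MDR service correlates far more signal sources (endpoint telemetry, network flows, identity-provider logs) and keeps per-user baselines rather than a fixed threshold, but the shape of the logic is the same.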


Adaptive Security:

  • Modern MFA systems can adapt based on user behavior, risk factors, and more, providing dynamic authentication challenges when necessary.
  • MDR services continuously adapt to the evolving threat landscape, updating detection and response tactics based on emerging threats and vulnerabilities.


In Essence:

  • MFA and MDR, when implemented together, provide a holistic and layered approach to cybersecurity. This multi-layered security stance ensures both proactive prevention through MFA and reactive mitigation through MDR, resulting in a fortified IT environment against an array of cyber threats.

FIND OUT IF YOU ARE IN COMPLIANCE WITH A SIMPLE 10 MIN CALL.

Independent doesn't mean isolated!

Ensure your company stands tall amidst the evolving cyber challenges by aligning with the 2024 DFS cybersecurity benchmarks.