New York’s Cybersecurity Regulations Are a Model for States
New York's new cybersecurity proposal has other states (and even countries) considering similar action. But will that be enough?
New York Governor, Andrew Cuomo, sent out his proposal for cybersecurity regulations for banks and insurers. The steps outlined in the proposal make it clear that cybersecurity, and those many breaches in privacy and personal data, are finally viewed as a real danger. The regulations started to take place in March of this year.
While New York is on the right track, they still have a long way to go to truly improve cybersecurity efforts. Fortunately, you don’t have to wait — you can improve your cyber awareness through a few simple steps. You should create strong and complex passwords, be wary of unknown links or emails, and regularly scan your devices for viruses. Use the Full Virus Scan to check your smartphone and SD card for malware and security threats. Click here to scan your device for malware now:
New York’s Cybersecurity Regulations
Why the big deal? Haven’t banks and insurance institutions always had security and cyber-related standards and regulations? Yes, except this is the first time that anyone has proposed a list of specific requirements in that realm. It’s a huge step forward.
After all, privacy is a big concern. Whether you are shopping or browsing online, your personal data is important. Identity theft, data breaches, and other cybercrimes aren’t just going to go away. This regulation makes it clear that companies need to do more. It will likely have far-reaching effects. Other states and even other countries will likely model their policies after the New York model.
There are fourteen pages in the document, and it is broken into twenty-three different sections. But is it enough? Those who have experience in cybersecurity believe it is a start but it isn’t quite enough. While it is great that companies will need to take a firm, active stance in the matter — and undergo processes to thwart this type of crime — some point out that the proposal doesn’t go far enough.
They highlight the fact that cyber risk certifications will be checked once per year or even quarterly. Based on the number of updates antivirus software typically undergoes, an annual check certainly won’t be enough. A quarterly check isn’t looking any better, either.
How to Improve the Proposal
Technology advances: it’s constantly changing. These systems won’t stay static; they need to be frequently checked. Technology’s evolution demands that information systems be checked for errors that account for many of the largest breaches, as opposed to solely issues with firewalls.