New York Cyber Rules May Become Model
for Other States
New York Cyber Rules May Become Model for
Other States
New York’s cyber security laws may serve as a model
for other states in the fight against cyber crime.
Using VPNs to Protect Browsing Data
Considering the recent vote to allow web-browsing
data to be sold without users’ explicit consent, virtual
private networks (VPNs) may be the key to private
browsing.
Most Employees Breach Network Security
Whether intentional or by accident, over 90 percent of
employees breach network security.
FBI May Ease Cyber Employment Standards
In an effort to recruit much-needed cyber security
agents, the FBI is considering loosening its
requirements for applicants who want to join the
agency’s cyber division.
In recent statements by New York’s financial regulator, a group of U.S. state
insurance regulators have been advised to use the state’s groundbreaking
cyber security rules as a model for how financial institutions and insurers
should protect their networks from hackers and disclose cyber events.
The superintendent of the New York State Department of Financial Services
called the regulation “a road map with rules of the road,” which can provide a
uniform cyber security law that all states can choose to adopt for use by
financial institutions and insurers to focus on cyber security threats.
New York’s cyber security rules took effect on March 1, following a series of
data breaches that resulted in losses of hundreds of millions of dollars to U.S.
companies that included Home Depot Inc., Target Corp. and Anthem Inc. The
new rules describe steps that covered entities must comply with in order to
protect their customer data and networks from cyber criminals.
One such rule calls for firms to scrutinize the security of third-party vendors
that provide them with goods and services. They must also perform risk
assessments in order to design cyber security programs particular to their
specific needs. All covered entities are required to certify compliance annually.
A proposed model cyber security law that all states can choose to adopt for
financial institutions and insurers could lead to more uniformity among states.
But they first must be finalized and approved by a task force of state insurance
commissioners before being considered by state lawmakers. However, since
the task force’s inception in 2015, insurance commissioners haven’t been able
to agree upon several points of the law. A fourth draft is expected by May 9.
For more information regarding New York’s cyber security laws, see “New York
Cyber Security Laws – Cyber Security Program Rules” and “New York Cyber
Security Laws – Covered Entity Responsibilities.”
Visit our Cyber Center