Cybersecurity Regulations for Financial Institutions

September 29th, 2016 | By Jules Halpern Associates | Cybersecurity, New York Law, Technology

With National Cybersecurity Awareness Month beginning in October, employers should assess the safeguards they have in place in order to protect confidential information that is sent and stored electronically. Providing a written cybersecurity policy is a quick and simple way to ensure that all employees, vendors, and contractors understand the various policies that a company or organization may have.

Advancements in technology have made transferring documents and sharing information much easier and faster. Information that previously had to be sent by messenger or explained in person can now be delivered by the push of a button. However, sending or storing information electronically is not nearly as safe as we’d like to believe. Almost every day, we hear of hackers who devote their time to penetrating “secure” networks, enabling access to an array of confidential consumer and business information.

An increasing number of employers have been looking to develop detailed cybersecurity policies that reflect necessary protections for servers, files, e-mails, wireless Internet, remote access programs, and a variety of other systems. Prudent employers recognize that, without a specific policy in place, they may find themselves at serious risk. For more information on risk, and what mistakes most employers are making, see our article on Protecting Property, Employees, and Clients.

Having a written cybersecurity policy has been determined to be so important that it will no longer be optional for certain companies. State regulators are beginning to mandate both cybersecurity programs and policies for certain employers in order to ensure the protection of confidential information and industry security.

New York State Takes Action

On September 28, 2016, the New York Department of Financial Services published proposed cybersecurity regulations for financial services institutions, including banks and insurance companies. Through this announcement, New York has become the first state to propose regulations to protect consumers and financial institutions from the “ever-growing threat of cyber-attacks.”

Following a notice and public comment period, the Department will issue its final rule.

Proposed Regulations

Under the Regulations, financial services institutions will be required to establish a cybersecurity program and adopt written policies. Additionally, they will need to appoint a Chief Information Security Officer to enforce the policies and answer any questions concerning information protection.

Financial institutions will have to meet specific regulatory standards based on the services they provide. The key elements that will be required in an employer’s cybersecurity policy are as follows:

  • Vulnerability Assessments;
  • Audit Trails;
  • Access Restrictions;
  • Application Security;
  • Risk Assessments;
  • Cybersecurity Personnel and Intelligence;
  • Third Party Information Security;
  • Multi-Factor Authentication;
  • Data Retention Limitations;
  • Training and Monitoring;
  • Encryption of Nonpublic Information;
  • Incident Response Plans; and
  • Notices.

New York has taken a prominent step in recognizing the importance of having and implementing cybersecurity policies in order to prevent confidential information from falling into unauthorized hands. The Regulations will provide much needed protection to consumers and the financial services industry of New York.

Jules Halpern Associates LLC

Workplace and Education Law Advisors

Jules Halpern Associates LLC
JULES HALPERN ASSOCIATES LLC is a boutique law firm committed to serving our clients in all facets of their workplace issues. We provide personalized, practical advice that resonates with our clients’ business objectives.
1225 Franklin Ave, Suite 200 Garden City NY 11530 516-466-3200
45 Rockefeller Plaza, Suite 2000 New York NY 10111 212-786-7380
Jules Z. Halpern


Long Island Office
1225 Franklin Ave | Suite 325
Garden City, New York 11530
tel: 516.466.3200 | fax: 212.658.9313

New York City Office
45 Rockefeller Plaza | Suite 2000
New York, New York 10111
tel: 212.786.7380 | fax: 212.658.9313

Real Workplace Issues Newsletter

Please enter your e-mail address below to sign up for our topical e-newsletter, Real Workplace Issues.

Follow Us

  • linkedin
  • Facebook
  • Halpern Associates on Twitter

Copyright © 2019 All rights reserved Jules Halpern Associates LLC | Attorney Advertising