As New York is the financial capital of the world, it is fitting that the Cuomo administration is working on regulations that would lead the way for cybersecurity protection in the financial sector. The state’s latest draft guidelines go a long way toward providing a framework for minimum security standards by calling for each covered organization to conduct a risk assessment, institute a cybersecurity policy based on 14 designated areas, institute multi-factor authentication or risk-based authentication to protect against unauthorized access, and institute multi-factor authentication for outside access to internal networks.
This regulation could be far-reaching—more than 4,400 entities are affected, and it will be a model for other states as well as the federal government, where there is strong pressure for the new administration to act. With a 180-day deadline to comply, the financial industry will be paying careful attention to New York’s final language. It is important for everyone that it comes out right.