Webinar: Global reaching Cybersecurity Regulations in New York, will they impact your company?

Now that the WannaCry ransomware has your attention and the attention of everybody else, it is time to start thinking about your company’s cybersecurity legal and compliance obligations.

Do you know whether your company will be impacted by New York’s expansive and global reaching Cybersecurity Regulations? The new Regulations govern many companies that do business in New York as well as other companies they do business with, even if they are not located in or doing business in New York.

The Regulations became effective in March and enforcement begins on August 28, 2017. For companies directly regulated (Covered Entities), the Cybersecurity Regulations provide an outline of essential standards, dictate who should lead the process, and mandate top-down buy-in by management and the Board of Directors through these mechanisms:

  • Each Covered Entity must assess its unique risk profile and design a cybersecurity risk management program that addresses its risks in a robust fashion.
  • Each Covered Entity must designate a qualified individual to serve as its Chief Information Security Officer, responsible for overseeing and implementing its cybersecurity program, which must include things such as cybersecurity-focused policies and procedures, workforce training, penetration testing, third party service provider policies and procedures, development of an incident response plan, and stringent reporting obligations.
  • Each Covered Entity’s senior management must be responsible for its cybersecurity program and file an annual certification confirming compliance with the Cybersecurity Regulations that is attested to by either a Senior Officer or the Chairman of the Board of Directors.

I am inviting you to a COMPLIMENTARY WEBINAR I will be hosting to explain which companies will be impacted and the details about this new law.

Date: Tuesday, May 23, 2017
Time: 10:00 CST
Can’t attend at that time? No problem, register to view it online at your convenience.

REGISTER HERE!

The webinar is being brought to you courtesy of Boldon James, Cyber Future Foundation, and Scheef & Stone. I look forward to your joining us for this webinar and welcome any questions you may have.

______________________

Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Critical Steps Companies Must Take to Comply with New York’s Cybersecurity Rules – Ethical Boardroom

New York’s Cybersecurity Regulations went into effect on March 1, 2017 and their impact could reach farther than you think — including to small and mid-sized companies that do not do business in New York and are not in the financial services industries. And, they require direct involvement by the Board of Directors. Is your company ready?

In my latest Ethical Boardroom article, I explain

  1. how these Cybersecurity Regulations can impact businesses of all sizes, in all industries, and all around the world,
  2. what specific steps regulated companies must take to be in compliance with the Cybersecurity Regulations, and
  3. what these Cybersecurity Regulations mean for nearly all companies.

Here is the full article from the Winter 2017 edition (page 140) which is available with free registration to the Ethical Boardroom website: Getting to Grips with New York’s Cybersecurity Compliance Rules

Here are other Ethical Boardroom (@EthicalBoard) articles that I have written that are also available for free:

New York Cybersecurity Regulations Delayed, Being Revised

The New York Skyline at Twilight Hour

Photo Credit: Marco Verch
Licensed under Creative Commons Attribution 2.0 (no changes were made to the image) https://creativecommons.org/licenses/by/2.0/deed.en

The New York Department of Financial Services has pushed back the effective date of its Cybersecurity Regulations from January 1, 2017 to March 1, 2017. This is to give the NYDFS time to significantly revise the proposed Cybersecurity Regulations initially released for comment in September 2016, which created quite a bit of controversy. The revised regulations are to be published on December 28, 2016.

The NYDFS signaled this change two days after a hearing in Albany, New York in which New York bankers voiced their concerns to New York State lawmakers. While the NYDFS has not elaborated on what is being re-written, the following are some of the key concerns that were voiced to lawmakers in the hearing:

  1. It would cost too much.
  2. Banks shouldn’t be forced to hire CISOs.
  3. The rules are too tough.
  4. New York’s regulation is too different from the federal rules of FFIEC, Federal Reserve, the OCC, the FDIC and even NIST.
  5. The regulation is “one size fits all.”
  6. It calls for too much incident reporting.
  7. The extra regulation and reporting could create an impression that New York banks are less secure than others.

These points are explained more thoroughly in the American Banker source article New York Rewriting Cybersecurity Rules After Banker Pushback.

Here are two articles I have written for SecureWorld that discuss the proposed NYDFS Cybersecurity Regulations; I will also address the revisions in the near future:

Complimentary SecureWorld Webinar – 2016 Breaches: Lessons Learned

You are welcome to attend a complimentary SecureWorld webinar with these featured presenters:

  • Erich Kron, Security Awareness Advocate, KnowBe4
  • Aliki Liadis-Hall, Director of Compliance, North American Bancard
  • Craig Spiezle, Executive Director & President, Online Trust Alliance
  • Shawn Tuma, Cybersecurity & Data Privacy Partner, Scheef & Stone, LLP

The webinar qualifies for CPE Credits and will take place on Wednesday, November 30 at 12 pm CST, but if you are unable to attend, you can access the recording as well.

You can learn more about, and register for, the webinar at this LINK.