DFS Cybersecurity Compliance – 1/4/19

Hello Friends,

Many of your received an end of the year message from our Department of Financial Services about compliance with the new Cybersecurity Regulation.  New York State is serious about cyber security and this is one of their many efforts to protect you, your clients and our financial services industry.  We at ITI support this program.  However, to many individuals compliance is still a bit confusing.

In a nutshell, the DFS wants each licensee to confirm, each and every year, that they are taking steps to prevent bad actors from hacking into our computer networks.  Big entities, including brokerage houses, insurance carriers and large agencies must have sophisticated systems and regularly test their defenses using a “third party” to ensure system integrity.  Small agencies and independent individual licensees are exempt from many of these requirements, but they have compliance requirements.  Every licensee must still have a written “cybersecurity program” in place.

Your cybersecurity program will describe in writing the steps you need to take if you find that your computer has been subject to a “Cybersecurity Event”.

A Cybersecurity Event is “any act or attempt, successful or unsuccessful, to gain unauthorized access to, disrupt or misuse and Information System or information System or information stored on such Information  System. 

Remember, this is not your run of the mill problem with your computer, restarting your computer is not going to be enough and at that point it is too late to simply install an anti-virus program.  You need to do more!  You will need to contact the companies you have access to and let them know your login credentials have been compromised. Your companies should help you from there.  You also will need to notify the DFS.  Keep in mind this is where those bad actors use your login and password to get into the bigger systems.

So, where do you start?  If you are uncertain, your first step might be with your carriers, especially if you have an agent contract with them.  If you are truly an independent, the DFS has lots information to help.  Remember, this is a good program and will only take you a short time to complete each year.

Step 1.  Follow the link from your email from the DFS: https://www.dfs.ny.gov/system/files/documents/2019/01/cyber_compliance_filing_instructions.pdf

Step 2.  Click the link to the Cybersecurty Portal and enter your email address and password.  If you do not remember Your password, there is a “forgot password” link to get you moving forward.

Step 3.  Follow the prompts through, it is very straight forward.

Step 4. Remember, there is a second step.  You need to complete the “Compliance” step also.  That is the middle tab.

We at ITI cannot help you answer the questions and we cannot tell you what exemptions may apply to you, but we hope this message helps you understand this important program a bit better.

Be well.

Bob Secovnie