New York State Provides Great Example of How to Improve Organizational Cybersecurity
Key Points
As a strong cybersecurity posture continues to grow in importance for businesses everywhere, the state of New York has become a national leader in cybersecurity. That’s a good thing for New York businesses, as it can give them the confidence to operate successfully and securely. It also means those same businesses must comply with existing state regulations while maintaining a high standard of cyber hygiene within their organization. This enhances your organization’s security but isn’t necessarily easy to implement. With a little forethought and guidance, however, businesses can better understand what’s needed to make secure and informed decisions about their organization’s cybersecurity.
In this post, we’ll take a closer look at the groundwork New York state has laid regarding cybersecurity and what your New York business should focus on to ensure compliance and optimize data security.
The state holds one of the biggest cities in the world – one of the most influential municipalities for businesses. Because of this, it should be no surprise that the Empire State takes cybersecurity seriously. Its legislators have come up with multiple efforts to improve cybersecurity at the organizational level.
Several years ago, the New York State Department of Financial Services approved a first-in-the-nation cybersecurity regulation for banks, insurance companies, and other financial services institutions. The Department’s regulation requires organizations to adopt security policies and procedures to protect their information systems and nonpublic information.
Other cyber policy measures enacted statewide reach beyond the financial services sector. In 2018, the New York State Office of Information Technology Services unveiled its New York State Cyber Security Strategy & Policy Framework, which guides the implementation of cybersecurity best practices throughout all agencies within the Executive Branch of New York State.
The measure calls for agencies to do the following:
To comply with this regulation, agencies should develop a written cybersecurity policy that includes the following:
There’s a good reason the state of New York believes in these recommendations – they don’t eliminate cybersecurity risks, but they can help you mitigate them. Of course, enacting these measures is easier said than done. Many teams struggle with cybersecurity even though everyone should view it as an organizational imperative. While this was aimed at the Executive Branch, it’s good advice for private sector organizations.
The first step New York state recommends is for you to develop your cybersecurity plan. Implementing a comprehensive cybersecurity plan is one of the most innovative things an organization can do to secure itself from malicious actors. Cybersecurity demands that your organization take it seriously, from senior leadership to employees in all departments and roles. A comprehensive plan for which all members of your staff are accountable builds a solid data security foundation.
Cybersecurity also requires vigilance. It requires an ongoing commitment by organizations to keep up with the rapidly changing technology landscape through continuous training, software updates, hardware upgrades, and more. It is paramount that your IT department is responsible for implementing these, and that all members of your organization share in the responsibility of ensuring the updates are happening.
To successfully maintain proper cybersecurity, you need to clearly understand the threats that exist today and may arise in the future. You also need to understand what data is valuable for your organization, who can access it, where it is stored, and how often it changes.
Another essential component of a comprehensive cybersecurity plan is conducting regular assessments. This enables you to identify vulnerabilities in your systems and implement solutions before hackers exploit them. It also helps reduce the risk of data breaches, which can be costly for an organization financially and reputationally.
Cybersecurity is not a one-time undertaking but rather something that needs constant attention and updating as you discover new threats or witness existing ones as they evolve. Don’t view your cybersecurity plan or efforts as a “set it and forget it” feature of your business. Your cybersecurity plan should be a living document that adapts as needed.
The truth is that the protective steps suggested by the state of New York are valid in any state. Cybersecurity should be one of your top concerns whether your business is in New York or anywhere else in the world.
The risks associated with cyber threats continue to grow as the technology landscape evolves rapidly, making it increasingly important for organizations to ensure they are implementing effective measures to protect their business operations and confidentiality. Organizations need to continuously train employees on best practices related to cybersecurity while investing in software updates, hardware upgrades, firewalls, and other protective measures. They also need to hire staff experienced with protecting against various types of threats (e.g., phishing).
The world is changing, and so are the threats that organizations face. The cybersecurity space is constantly evolving, so your organization needs to be vigilant about keeping up with the latest trends and developments. Keep cybersecurity top of mind for everyone throughout the organization to limit vulnerabilities and keep your systems more secure. Contact us today for more on how we can help you do this.