New York State Provides Great Example of How to Improve Organizational Cybersecurity
- The state of New York has introduced multiple pieces of legislation to help bolster private-sector cybersecurity.
- It is recommended that all businesses consistently monitor for threats, educate their workforce on them, and enforce strict policies regarding data transfer, bring your own device (BYOD), VPN usage, and other hallmarks of good cybersecurity.
- Good cyber hygiene requires energy, effort, and buy-in from all members of your organization – but it’s worth it, as the impact of faulty cybersecurity practices can be catastrophic.
As a strong cybersecurity posture continues to grow in importance for businesses everywhere, the state of New York has become a national leader in cybersecurity. That’s a good thing for New York businesses, as it can give them the confidence to operate successfully and securely. It also means those same businesses must comply with existing state regulations while maintaining a high standard for cyber hygiene within their organization. This enhances your organization’s security but isn’t necessarily easy to implement. With a little forethought and guidance, however, businesses can better understand what’s needed to make secure and informed decisions about their organization’s cybersecurity.
In this post, we’ll take a closer look at the groundwork New York state has laid regarding cybersecurity and what your New York business should focus on to ensure compliance and optimize data security.
New York Has Taken Multiple Measures to Show How Seriously It Takes Cybersecurity
The state holds one of the biggest cities in the world – one of the most influential municipalities for businesses. Because of this, it should be no surprise that the Empire State takes cybersecurity seriously. Its legislators have come up with multiple efforts to improve cybersecurity at the organizational level.
Several years ago, the New York State Department of Financial Services approved a first-in-the-nation cybersecurity regulation for banks, insurance companies, and other financial services institutions. The Department’s regulation requires organizations to adopt security policies and procedures to protect their information systems and nonpublic information.
Other cyber policy measures enacted statewide reach beyond the financial services sector. In 2018, the New York State Office of Information Technology Services unveiled its New York State Cyber Security Strategy & Policy Framework, which guides the implementation of cybersecurity best practices throughout all agencies within the Executive Branch of New York State.
The measure calls for agencies to do the following:
- Develop risk assessment frameworks
- Identify and assess the risks to their organization’s information systems
- Implement controls designed to ensure adherence to organizational policies and procedures
- Train employees on cybersecurity best practices
- Implement BYOD policies
- Use VPNs when connecting remotely
- Integrate multifactor authentication for sensitive applications and systems
- Educate staff members on phishing scams and other social engineering techniques
- Create incident response plans to limit damage in case of a breach
To comply with this regulation, agencies should develop a written cybersecurity policy that includes the following:
- Purpose and scope statements
- Roles and responsibilities
- Management commitment
- Awareness training requirements (e.g., policies/procedures, roles/responsibilities)
There’s a good reason the state of New York believes in these recommendations – they don’t eliminate cybersecurity risks, but they can help you mitigate them. Of course, enacting these measures is easier said than done. Many teams struggle with cybersecurity even though everyone should view it as an organizational imperative. While the framework was aimed at the Executive Branch, it’s also good advice for private sector organizations.
What Can Your New York Business Do to Practice Good Cyber Hygiene?
The first step New York state recommends is for you to develop your cybersecurity plan. Implementing a comprehensive cybersecurity plan is one of the most innovative things an organization can do to secure itself from malicious actors. Cybersecurity demands that your organization take it seriously, from senior leadership to employees in all departments and roles. A comprehensive plan for which all members of your staff are accountable builds a solid data security foundation.
Cybersecurity also requires vigilance. It requires an ongoing commitment by organizations to keep up with the rapidly changing technology landscape through continuous training, software updates, hardware upgrades, and more. Ensuring your IT department is responsible for implementing these – but that all members of your organization share in that responsibility to ensure the updates are happening – is paramount.
To successfully maintain proper cybersecurity, you need to clearly understand the threats that exist today and may arise in the future. You also need to understand what data is valuable for your organization, who can access it, where it is stored, and how often it changes.
Another essential component of a comprehensive cybersecurity plan is conducting regular assessments. This enables you to identify vulnerabilities in your systems and implement solutions before hackers exploit them. It also helps reduce the risk of data breaches, which can be costly for an organization financially and reputationally.
Cybersecurity is not a one-time undertaking but rather something that needs constant attention and updating as you discover new threats or witness existing ones as they evolve. Don’t view your cybersecurity plan or efforts as a “set it and forget it” feature of your business. Your cybersecurity plan should be a living document that adapts as needed.
Organizational Flexibility and Awareness are the Hallmarks of a Solid Cyber Posture
The truth is that the protective steps suggested by the state of New York are valid in any state. Cybersecurity should be one of your top concerns, whether you run a New York business or a business residing anywhere in the world.
The risks associated with cyber threats continue to grow as the technology landscape evolves rapidly, making it increasingly important for organizations to ensure they are implementing effective measures to protect their business operations and confidentiality. Organizations need to continuously train employees on best practices related to cybersecurity while investing in software updates, hardware upgrades, firewalls, and other protective measures, and hiring staff experienced with protecting against various types of threats (e.g., phishing).
The world is changing, and so are the threats that organizations face. The cybersecurity space is constantly evolving, so your organization needs to be vigilant about keeping up with the latest trends and developments. Keep cybersecurity top of mind for everyone throughout the organization to limit vulnerabilities and keep your systems more secure. Contact us today for more on how we can help you do this.
Mike Bowe | Published on October 24, 2022