New regulations focus attention on SMB cyber security
This month we focus on regulation 23 NYCRR 500 that came into effect on March 1, 2017. For many, the compliance journey has already started. For everyone else, do these strict data protection requirements affect your business?
The answer is, probably, yes. Service providers should expect client organizations to take an active interest in encryption compliance as part of their new responsibilities for third party security. Similarly, companies operating outside New York State should expect other states to step up data protection regulations soon. And if you still think your company doesn’t need to take action, then think again. AlertSec’s latest research has found that employees are not aware of the need to keep mobile devices safe. If all endpoints are not secure, employees' careless behavior could be a risk for your business and for your clients.
We recommend that you use regulations such as 23 NYCRR 500 as a guide to good practice. Time spent now on your cyber security will simplify compliance in the future, and protect your business now against data breach risks.
Read below about steps you should take now to protect your clients' data, and visit our website to download our new guide to the compliance requirements.
The financial sector depends on third party trading partners, brokers and data processors, but data sharing continues to be a major source of cyber security risk. To address this, 23 NYCRR 500 has focused attention on third party service provider security.
Data owners are now responsible for the security of shared customer information. As a result, SMBs working for large enterprises may find that encryption becomes a condition for working with those organizations. Your AlertSec service provides the strong encryption required and tools for demonstrating compliance.
To address your clients' data protection requirements, ensure you are making full use of your AlertSec services. Compliance modules such as Media Encryption, Compliance Check and Pre-Boot Authentication mitigate the risk of a data breach and are included as standard in your subscription.
Read our compliance guide for more information about your AlertSec service compliance modules. Or contact our help desk for assistance.
AlertSec’s latest survey revealed that 46 percent of employees admit to exposing laptops to security threats by leaving them in the car, declining security updates and attaching login information.
Training is one of the key requirements in the 23 NYCRR 500 regulations. Take action to provide regular cyber security training for your staff, to ensure that your company doesn’t pay the price of their careless behavior.
The new third party security responsibility introduced in 23 NYCRR 500 represents a big challenge for large enterprises as well as SMBs. Encryption is the best tool, but it is not always easy to enforce compliance on systems you do not own or control.
To address this problem, AlertSec has developed a new compliance check service, ACCESS. ACCESS enables data owners to enforce compliance so that only encrypted devices can be used to access data. Read more about our new ACCESS solution on our website.
“We are specialists in IT security,” said AlertSec’s CEO Ebba Blitz in a recent article. “Our support team provides the capability that you might find in a large enterprise.”
Many SMBs may have concerns about whether they have the resources to manage compliance with new regulations or client requirements. Remember that with AlertSec you already have an IT team working for you with the capability to be up to speed with advanced requests.
If you have questions about data protection, call our help desk today.