As we face an unprecedented threat from the novel coronavirus known as “COVID-19,” every organization’s highest priority must be health and safety. The extraordinary steps necessary to combat the COVID-19 pandemic have also created new challenges as regulated entities work to continue operating and providing critical services. Among these new risks is a significant increase in cybercrime, as criminals seek to exploit the situation.
The Department of Financial Services (“DFS”) has identified several areas of heightened cybersecurity risk as a result of this crisis. As called for by DFS’s cybersecurity regulation, 23 NYCRR Part 500, regulated entities should assess the risks described below and address them appropriately.
We also remind all regulated entities that, under 23 NYCRR Section 500.17(a), covered Cybersecurity Events must be reported to DFS as promptly as possible and within 72 hours at the latest. Prompt reporting will enable DFS to respond quickly to new threats as DFS works to protect consumers and the financial services industry in these difficult times.
via Industry Letter – April 13, 2020: Guidance to Department of Financial Services (“DFS”) Regulated Entities Regarding Cybersecurity Awareness During COVID-19 Pandemic | Department of Financial Services.