With the increase in data breaches affecting major corporations like Target and Home Depot, it seems like the trend for states to increase and implement cybersecurity regulations is also on the rise. Not all states have cybersecurity regulation in place, but the federal regulations cover all states. Most recently, the State of New York has implemented (effective March 1) regulations requiring banks and insurers to meet minimum cybersecurity standards and report breaches to regulators as part of an effort to combat a surge in cybercrime and limit damages to consumers.
With these additions to the cybersecurity regulations, it is crucial for any company’s chief information security officers (CISOs) to pay close attention to which regulations apply to their industry. This is the EPA’s definition of a regulation, “Regulations are mandatory requirements that can apply to individuals, businesses, state or local governments, non-profit institutions, or others.” Regulations are not guidelines–if not followed, businesses risk significant fines and penalties for not complying with the regulations like anyone does when they break the law.
How are cybersecurity laws and regulations made? IBM’s Security Intelligence tells us, “The Cybersecurity Information Sharing Act of 2015 provides a framework for the federal government, some state governments and private industry to securely share cyberthreat information. As part of that action, the Security and Exchange Commission (SEC) established guidelines for regulated firms to comply with specific regulations. For example, the SEC recently settled a case with a company that suffered a data breach that compromised the personally identifiable information (PII) of nearly 100,000 people, showing its commitment to increasing security — particularly in the financial sector.”
There are even more changes to the recent laws and regulations tied to the financial industry. The following are key areas to keep an eye on (learn about these areas more in depth, here.):
A lot of the Cybersecurity regulations have to do with being transparent with your customer and informing them of any kind of breach that may occur. By following these regulations, it creates trust with your customers. Complete transparency when it comes to data breaches is ALWAYS recommended.
If you don’t have a CISO, you may want to consider hiring an IT firm to help manage and keep up-to-date with the regularly-changing federal and state cybersecurity regulations. You can also visit this link, https://www.sec.gov/spotlight/cybersecurity.shtml, to see a full list of the SECs cybersecurity regulations.
Need help navigating through all this? Give us a call for a free 30-day trial – (800) 584-6844 or sales@saalexit.com.