Cyber security is the body of technologies, processes and practices designed to protect networks, computers, and data from attack, damage or unauthorized access. It’s an enterprise responsibility to uphold best practices and adhere to company policies.
New York State Unveils Strict Cyber Security Regulations
On the first of March this year, New York State announced and implemented regulations requiring banks and insurers to meet minimum cyber-security standards and to report breaches to regulators as part of an effort to combat a surge in cybercrime and limit damages to consumers.
What does this mean for affected institutions?
- Organizations must develop a Cyber Security Program.
- Policies that address aspects such as access controls, business continuity, asset inventory and data governance must be implemented.
- The Chief Information Security Officer (CISO) must, at least annually, provide a report to the bank’s board of directors.
Other requirements that must be put into practice:
- Periodic risk assessment and annual penetration tests.
- Encryption must be used for data in transit and at rest.
- An incident response plan must be developed.
This is a step toward protecting the organization’s and customers’ privacy, combating the bad guys with security best practices and real-time breach detection. These guidelines should be followed by any organization handling sensitive customer information.
How to use and share customer data without damaging trust:
Customer privacy is a growing concern, and it’s important to protect and uphold the integrity of client data. Today, customers are very concerned about what companies are doing with their data.
- Be transparent. Set the tone early and set a mutual understanding of privacy policies and practices. Agree on how data is used and ensure preferences can be reviewed over time.
- Go beyond the regulations. A lot of companies will have privacy policies that adhere to regulations but don’t have strict data policies that satisfy customer needs.
- Be careful with third parties. Companies are increasingly sharing data with third parties, including advertisers, service providers or partners who provide add-on services and products. Have data access policies in place that limit what can be shared according to criteria like vendor type, job function, geography and demographics as well as customer agreements.
- Use security best practices. Privacy and security go hand in hand; employing the strongest possible security methods is crucial. Defense in depth dictates that each time data is handled, there needs to be an effective control against its misuse.
What is a Human Firewall?
When most people think about information security, they think about all of the hardware and software that protects the data from outside eyes. The greatest access point to this data is the employee. Simply put, building a human firewall is the practice of developing a security-conscious mindset for all employees with access to sensitive information.
- The humans at a company are a much more common target than the system itself.
- Employee training is the most effective way to mitigate the phishing threat against businesses.
- It is important to build a culture in the workplace around security awareness and to think twice before distributing information.
Do your part
- Protect and create quality passwords.
- Safely use email and the Internet.
- Recognize signs of someone attempting to illegally access sensitive systems and report without hesitation up the chain of command.
- In any case, feel free to reach out to dedicated Information Security staff to raise any concerns or questions.
Identity fraud is a crime where one person uses another person’s personal data, without authorization, to deceive or defraud someone else. For example, it is identity fraud to use someone’s personal information to open a credit card account without permission, and then charge merchandise to that account.
Keys To Protecting Your Identity
Protect your personal information to limit your exposure to identity theft. Identity thieves target certain types of personal information and have many clever ways to get it.
- Your personal identification number (PIN). Protect the PIN for your ATM card. Make up a PIN that only you will know and that no one can guess easily. Change your PIN at least every 90 days. Do not write it down and place it in your wallet.
- Date of birth (DOB). Your DOB and your SSN/ID number are two important pieces of information that are needed to steal your identity.
In addition, the following identity theft-prevention tips can help you keep your personal information secure:
- Shred sensitive documents. Shred any documents that have personal information, bank accounts, credit card accounts, and so on before you discard them.
- Don’t fall for job scams. The ID thief tricks you into giving her your personal information through a phony job offer scam.