CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES

DFS 500 Cyber-security Requirements Document\

The New York State Department of Financial Services (“DFS”) has been closely monitoring the ever-growing threat posed to information and financial systems by nation-states, terrorist organizations and independent criminal actors. Recently, cybercriminals have sought to exploit technological vulnerabilities to gain access to sensitive electronic data. Cybercriminals can cause significant financial losses for DFS regulated entities as well as for New York consumers whose private information may be revealed and/or stolen for illicit purposes. The financial services industry is a significant target of cybersecurity threats. DFS appreciates that many firms have proactively increased their cybersecurity programs with great success.

Given the seriousness of the issue and the risk to all regulated entities, certain regulatory minimum standards are warranted, while not being overly prescriptive so that cybersecurity programs can match the relevant risks and keep pace with technological advances. Accordingly, this regulation is designed to promote the protection of customer information as well as the information technology systems of regulated entities. This regulation requires each company to assess its specific risk profile and design a program that addresses its risks in a robust fashion. Senior management must take this issue seriously and be responsible for the organization’s cybersecurity program and file an annual certification confirming compliance with these regulations. A regulated entity’s cybersecurity program must ensure the safety and soundness of the institution and protect its customers.

Experts at United Network Associates, Inc. are available to consult and resolve this matter.

Ed Eisenstein, President ed@unatechnical.com

Is your companies data already sold on the dark web?

The dark web, as the name suggest, is the hidden, dark side, of the Internet. Often behind cryptic addresses and only reachable via vast encrypted networks lays a world of political forums, questionable images, sites who’s members seek privacy as well as outright criminal marketplaces where people happily trade guns, drugs and stolen items as well as information.

When businesses are being compromised, their data often is being offered to the highest bidder on dark web auctions or sold in bulk for a fee. Many businesses find out that their network had been hacked, with help of information, obtained on the dark web, where it had been up for sale for weeks or months. If they would have known, preventive measures, would have prevented the disaster.

Do you know if your data is already being traded on the dark web? Passwords and personal information of employees are the most commonly traded items.

Recently former Nassau county chief information officer and now private Cybersecurity expert Ed Eisenstein, has introduced a sophisticated monthly service that scans the dark web continuously for hints, that point towards your business and alerts you immediately once compromising information is being found. This service, available for less than 35 cents per day, is a must have in the tool belt of every security aware business and should be the minimum line of awareness that is being build. For more information check: https://www.unatechnical.com

Hard-drives, power sources, operating systems, backup drives, they all will fail. Be it a mechanical error, virus infection , malicious actor, all the way to completely automated and large scale hacks – every system goes down! Otherwise it would reach the statistically near impossible 100% up-time mark.

Knowing this, thorough planning is a must. This area of IT is called “continuity” planning. Having measures in place that ensure that business can continue as usual as quickly as possible after a catastrophic IT event that will certainly hit every business at some point. Always be aware that the statistical chance that nothing will ever happen is near 0.

Ed Eisenstein, former Chief Information Officer of Nassau county shares his top continuity tips. Today Ed is founder of a New York based Cybersecurity and IT services firm, serving hundreds of businesses in different verticals. As homeland security instructor and former liaison officer for the FBI his insights are a great guideline.

Here are his top 5 tips:

1. Identify all critical or vital business components. This includes location, power, people, data systems, banking, etc. (he uses checklists for his clients)

2. Identify critical information and contacts. This includes easily accessible emergency contact information as well as critical banking and online system access information

3. Create a written action plan. A business continuity plan and disaster recovery effort that is realistic and doable and becomes part of the company culture that everyone is aware of.

4. Set realistic recovery objectives. What is needed and in what timeline for the business to continue and ultimately not fail due to a disaster situation.

5. Test the plan and keep it up to date. A realistic continuity plan is based on keeping the information and workflow up to date. The best course of action is to keep it as current as possible or at least make it an annual review process.

If you are interested in learning about those strategies and how to implement them, you can reach Ed Eisenstein at https://www.unatechnical.com/

UNA RMM Presentation

United network associates is a full service IT company called a managed service. UNA Provides high-level IT engineers as well as a customer service oriented IT help desk service.  The deep understanding of infrastructure and security sets UNA apart from the competition.

UNA has the experience to help clients with a strategic plan to take full advantage of the technology in your operation. With even a little bit of UNA planning help, clients gain significantly more efficiency when implementing technology correctly.

Professional IT Solutions come with high level cybersecurity services. Versed in network vulnerability assessments and penetration tests, UNA provides a cost effective monitoring services where network analysis tools are configured to closely inspect and report errors on critical network infrastructure, servers, software or devices.

Engineers and support staff react to these alerts and proactively engage equipment and third party vendors to regain normal operations from system failure or cyber-attacks.

At UNA, the president and senior consultant has enterprise experience as cio for nassau county for 8 years serving as senior technology executive and policy maker, reporting to the county executive.

The senior network engineer has 19 years of professional senior technical experience supporting enterprises in manufacturing, logistics and distribution.

Help desk and technical Support technicians are friendly and helpful and will remote into your computer quickly to resolve your problem.  Fast on-site support is offered when remote assistance cannot be established.  YOUR downtime is our problem.

All remote sessions are securely connected and all remote sessions are recorded.

UNA works with a large pool of partners to provide a comprehensive technology solution to businesses and local governments.  UNA has relationships with many technology services that assist when clients have specific needs.

Current partnerships such as with Microsoft, Sonicwall, Cisco, Amazon bring superior products to UNA clients that are highly reliable and effective.

UNA has operated in long island since the mid 90’s and understand the local business community as well as its governments.

Available for questions.  ed@unatechnical.com