New cybersecurity regulations from the New York Department of Financial Services (NYDFS) went into effect March 1, 2017. 23 NYCRR 500 will require organizations to designate a CISO, as well as enact and document a comprehensive cybersecurity policy.

By February 15, 2018, all covered entities are required to submit the first certification under 23 NYCRR 500.17(b). Institutions will need to address cybersecurity challenges including data encryption, annual certification, multi-factor authentication, and incident reporting.

In this episode of the InSecurity Podcast, host Shaun Walsh is joined by special guest Jake Bernstein, attorney with Newman Du Wors, to discuss how organizations can best navigate the new requirements, including examples of “covered entities,” key requirements, and exemptions to the regulations.