Absolute Cybersecurity Protection is an Imperative for Title Insurance Companies in New York!
In 2017 the New York State Department of Financial Services (NYSDFS) implemented 23 NYCRR 500 designed to make sure that firms in certain industries have cybersecurity protocols in place to securely protect the NPI, or non-public information, of their clients.
To summarize the parameters, Section 500.00 mandates that ‘It is critical for all regulated institutions that have not yet done so to move swiftly and urgently to adopt a cybersecurity program and for all regulated entities to be subject to minimum standards with respect to their programs. The number of cyber events has been steadily increasing and estimates of potential risk to our financial services industry are stark. Adoption of the program outlined in these regulations is a priority for New York State.’
Title companies are among the businesses categories subject to the regulations, and Hallmark Abstract Service is in compliance, and has made data security of our clients a priority since the company began business in 2008. The requirements include…
- Identify all cybersecurity threats, both internal and external.
- Employ defense infrastructure to protect against those threats.
- Use a system to detect cybersecurity events.
- Respond to all detected cybersecurity events.
- Work to recover from each cybersecurity event.
- Fulfill various requirements for regulatory reporting.
Company Could Be Fined $1,000 for Each Violation of State Cybersecurity Law
‘The New York State Department of Financial Services has filed civil charges against First American Title Insurance Co., a subsidiary of First American Mortgage Corp. that’s been accused of exposing hundreds of millions of documents that contained customers’ mortgage and personal data.
The charges, announced Wednesday, are the first to be brought under the department’s Cybersecurity Regulation, which went into effect in March 2017. The regulation requires banks and other financial services firms to maintain certain cybersecurity standards, including conducting risk assessments and having the ability to notify regulators and consumers in a timely manner following a security incident.
In the charges filed this week, state officials accuse First American Title Insurance Co. of not only exposing customer data, but also failing to conduct a proper investigation into the cause of the exposure, which was discovered during an internal penetration test in December 2018 (see: First American Mortgage Faces NY Regulator Inquiry, Lawsuit)...’
Read the entire article by clicking on the article title above.