In September I first told you about the New York Department of Financial Services' new cybersecurity rules for banks and financial services companies doing business in New York. These regulations come in the wake of repeated cybersecurity breaches at many banks and other financial services companies. While the regulations set minimal standards all institutions must follow, they were written to encourage companies to go further and not to limit security innovation. Among the provisions of the regulations are the establishment of the position of chief information security officer at each company as well as increased use of encryption and dual-factor authentication. In addition, the proposed regulations carry potential criminal liability for officials of companies not meeting the new standards. The regulations were originally to go into effect on January 1, 2017; however, the effective date was postponed until March 1, 2017. Financial firms have an additional 180 days to make the changes necessary to comply with the regulations before any enforcement actions will be taken by New York authorities, who have also promised a transitional period for compliance with the rules.
While these regulations are a good start toward more secure banking, it is still important for all of us to take responsibility for our own secure banking. First and foremost, you should monitor your bank accounts often for indications of any irregularities. You should be particularly careful when banking with your smartphone or on your computer. Use a strong password, a strong security question and multi-factor authentication whenever possible. Here is a link to a column which I wrote for USA Today with more tips on how to protect yourself when banking online or on your phone.