Can You Pass a CyberSecurity Audit?
Cyberlitica in partnership with Cyber Compliant is now providing businesses with all the tools and services necessary for business compliance with Local, State, Federal, and Professional Association Cyber Regulations.
As of last year, at least 43 states and Puerto Rico introduced or considered close to 300 bills or resolutions dealing significantly with cybersecurity. Thirty-one states enacted cybersecurity-related legislation in 2019.
These laws are not State specific. You may have a financial advisory business in New Jersey, but have clients in New York. Because clients are located in New York, you are subject to the New York Laws.
Are you sure you can pass a Cyber Audit from:
- The State of New York
- The State of California
- The State of Colorado
- The State of Massachusetts
- The Securities and Exchange Commission
- The American Bar Association
- The European Union (GDPR)
- And many others
What is Required
All these laws and regulations have many things in common:
- Requiring Businesses to establish a cybersecurity program through periodic internal and external risk assessments that may threaten the security or integrity of Nonpublic Information on Information Systems.
- Create and maintain written policies and procedures to protect Nonpublic Information on your Information Systems.
- Document and limit User Access privileges.
- Periodic risk assessments that address changes of Information Systems, Nonpublic Information or business operations are required to inform the design and changes of the cybersecurity program.
- On a periodic basis, the secure disposal of any Nonpublic Information that is no longer necessary for legitimate business operations is required unless it must be retained by law or regulation.
- Designate a qualified Chief Information Security Officer. The CISO may be employed internally or by a Third-Party Service Provider.
- Controls must be implemented to protect Nonpublic Information that is held or transmitted over external networks and at rest via encryption. The CISO must annually review and approve these controls.
- A written incident response plan must be designed to respond and recover from any Cybersecurity Event materially affecting the confidentiality, integrity, or availability of Information Systems.
- Regularly train all employees in Cyber Security risks and hygiene.
Various States and Entities have additional requirements depending upon the size of your company. Failure to comply with these laws and regulations could result in fines in excess of $250,000
What does CyberCompliant Provide
We provide a complete program to ensure compliance, including:
A Risk Assessment of your IT Environment Search the Dark Web with your email addresses for any indications of any exposure and other risks
- A detailed analysis of your Risk Assessment Environment Provide you with a list of discovered weaknesses to correct.
- A set of Cyber Security Policies consistent with the Cyber Regulations for you to adopt training all your employees in Best Cyber Security Practices and Hygiene.
- Certificates of Completion for each employee who takes all the training provided you with whitepapers, checklists, and application tools (e.g. Password Analyzers) to improve the Client’s internal security environment
- One year monitoring of the Dark Web for any indications of breaches and other risks provide your employees.
Exclusive access to ID360’s ID Check-Up Tool, allowing them to easily access reports from Credit Bureaus and other public databases
- At your request, file for your limited exemption from the NY DFS Regulations, and file all certifications.
- Comprehensive Identity Recovery services for all employees and their families, and access to deeply discounted monitoring plans.