NYDFS leads in taking additional action on Equifax for the 2017 security breach

The NYDFS (New York Department of Financial Services) and banking regulators from seven other states – Alabama, California, Georgia, Maine, Massachusetts, North Carolina, and Texas – are taking further action against Equifax over its massive 2017 data breach.

Under a consent order signed with the eight state banking commissioners, Equifax is required to take corrective actions on:

  • Information technology
  • Audit
  • Board and management oversight
  • Vendor management
  • Patch management
  • Information technology operations

Financial Services Superintendent Maria T. Vullo said: “The consent order announced today between Equifax and the commissioners of eight state banking departments demonstrates the necessity of continued state oversight of financial services companies […] In an era of weakened federal government oversight, strong state regulation is essential in order to safeguard our markets, ensure strong consumer protections and hold regulated entities accountable for their actions.”

The NYDFS continues taking the lead. On November 1, 2018, it will oversee the implementation of the country’s first state-mandated cybersecurity standards.

Prepare your organization for increasing cybersecurity regulation

In this case, Equifax was made to take corrective action, but penalties can be even more severe. Under Financial Services Laws 102, 201, 202, 301, 302, and 408, the NYDFS superintendent has the authority to issue civil penalties and impose fines for non-compliance with regulations and false reporting.

More states are beginning to bolster their information security regulations, so it’s important that your organization is well equipped to handle potential data breaches. Having an ISMS (information security management system) can help your organization stay protected. An ISMS is a system of processes, documents, and technology that helps manage, monitor, audit, and improve your organization’s information security. ISO 27001 is the international standard that describes best practice for an ISMS. Achieving accredited certification to ISO 27001 demonstrates that your organization is following information security best practice, and delivers an independent, expert assessment of whether your data is adequately protected.

Learn how to implement an ISMS and achieve ISO 27001 certification

IT Governance’s ISO 27001 Foundation and Lead Implementer courses will guide you through the ISO 27001 ISMS implementation process. You will gain an understanding of the activities needed to plan, implement, and maintain an ISO 27001-compliant ISMS. Learn more about the ISO 27001 Certified ISMS Foundation Training Course and the ISO 27001 Certified ISMS Lead Implementer Training Course.

Save 15% with our ISO 27001 Foundation and Lead Implementer Combination Course.


Not sure where to start?

Speak to an ISO 27001 implementation expert today. We’ll send you an obligation-free quote based on your specific needs.