The New York State Department of Financial Services (NYDFS) tagged BitFlyer USA with a $1.2m fine for failure to follow the State-mandated Cybersecurity Regulation 23 NYCRR Part 500.
NYDFS discovered multiple deficiencies in the Company’s cybersecurity program, including:
Failure to conduct a periodic risk assessment of its electronic information resources sufficient to inform the design of the cybersecurity program.
Failure to establish and maintain an effective cybersecurity program and to implement a written cybersecurity policy — reviewed and approved by the licensee’s board of directors at least annually.
Takeaways:
You need to be aware of all the regulatory entities under whose jurisdiction you fall. If you are licensed in the State of New York, be sure you know whether NYDFS views you as a Covered Entity.
If you are submitting your policies and procedures to a regulatory body, double check that your global search and replace for “ABC Company” in your canned policies has succeeded for all references. It’s going to be tough to convince the Auditor you have a functioning Cyber program that’s been thoroughly vetted and implemented if you can’t even correctly identify your own firm. At least it was for BitFlyer USA.
Source: New York State Department of Financial Services
Would you like a free, no-obligation Cybersecurity Benchmarking of your organization showing where you stand vs. industry-accepted practices? Click here to schedule a time with one of our associates.