
Cybersecurity Regulations Affecting Long Island Businesses

National Cybersecurity Regulations

The federal government places strict regulations on businesses nationwide to ensure data is protected.

New York State Cybersecurity Laws

On a state level, New York cybersecurity laws are strictly enforced to ensure important data is not breached.

NYDFS Cybersecurity Regulation (23 NYCRR 500)

This regulation applies to financial institutions, insurance companies, and other businesses regulated by the NYDFS. It sets requirements for cybersecurity policies and procedures, including conducting regular risk assessments, encrypting non-public data and more.

New York SHIELD Act

The SHIELD Act expands on existing data breach notification laws. It includes new data security requirements for businesses that collect personal data from New York residents. It requires businesses to implement "reasonable safeguards" to protect personal information, including encryption, access controls, and regular risk assessments.

New York State’s General Business Law Section 899-aa

Requires businesses to implement reasonable data security practices to protect personal information. The law mandates safeguards to ensure sensitive consumer information is secured, including policies around data encryption, access controls, and cybersecurity training for employees.

HIPAA

HIPAA sets standards for the protection of health information. Organizations that handle protected health information (PHI) must implement security measures to safeguard patient data.

The Cybersecurity Act of 2015

Calls for the creation of a cybersecurity framework that includes best practices for managing cybersecurity risks, known as the NIST Cybersecurity Framework.

GLBA (Gramm-Leach-Bliley Act)

GDPR provides strict regulations around the collection, storage, and handling of personal data. U.S. companies serving EU citizens must ensure their practices comply with GDPR’s data protection rules.

Take a Deeper Look at Compliance

Why Is This So Important?

01. Hefty Fines

Failure to comply could result in massive fines.

02. Legal Action

If legal action is taken against the business, it could cause reputational damage.

03. Data Breaches

Failure to follow the standards of the law makes a business more vulnerable to attacks. Cyber attacks can cost large amounts of money and damage reputations.

How ETS IT Solutions Can Help You Meet Compliance Requirements

1. Cybersecurity Risk Assessments

Conduct regular risk assessments to identify vulnerabilities and ensure that systems and data are protected.
2. Data Protection

Implement data encryption practices for both data at rest and in transit to protect sensitive information.
3. Compliance Audits

Offer regular audits to ensure that the organization is complying with relevant regulations such as HIPAA, GDPR, or PCI DSS.
4. Incident Response and Breach Management

Develop and implement incident response plans to ensure businesses are ready to act quickly in case of a cybersecurity breach.
5. Privacy Policies and Data Retention

Help businesses draft privacy policies that are in line with GDPR, CCPA, or other regional data privacy laws.
6. Multi-Factor Authentication (MFA) Implementation

Set up and enforce multi-factor authentication across business systems to strengthen security and comply with regulatory requirements.
7. Access Controls and Identity Management

Implement role-based access controls (RBAC) to ensure only authorized personnel can access sensitive data or systems.
8. Cloud Security and Compliance

Help businesses ensure their cloud services meet necessary compliance standards (e.g., SOC 2, HIPAA, etc.).