August 22nd, 2018
8:00 am – 9:30 am EST
If your firm is the victim of a cybercrime attack where client data is compromised, you will NOT get such sympathy. You will be instantly labeled as stupid or irresponsible. You will be investigated and questioned about what you did to prevent this from happening – and if the answer is not adequate, you can be found liable, facing serious fines and lawsuits EVEN IF you trusted an outsourced IT support company to protect you. Claiming ignorance is not an acceptable defense, and this giant, expensive and reputation-destroying nightmare will land squarely on YOUR shoulders. But it doesn’t end there…
According to New York State laws, you will be required to tell your customers that YOU exposed them to cybercriminals. Your competition will have a field day over this. Clients will be irate and leave in droves. Employees will blame you. Your bank will NOT come to your rescue either, and unless you have a very specific type of crime insurance, any financial losses will be denied coverage by your general business liability policy.
Please do NOT underestimate the importance of these threats. It is NOT safe to assume your IT company (or guy) is doing everything they should be doing to protect you; in fact, there is a high probability they are NOT, which we explain in the upcoming Executive Webinar, “What You Must Have In Place Now To Be DFS 23 NYCRR 500 Compliant”.
Capstone IT takes compliance and security seriously - working 24/7/365 to educate and protect our business clients all over Western NY from cyber-attacks. We are passionate about making technology secure for small and medium-sized financial firms in the Rochester and Buffalo area and have a stellar reputation for fast, proactive service built over 14 years.
Unfortunately, we regularly see reputable financial firms like yours being financially and reputationally devastated due to ineffective or nonexistent compliance and security programs. We are determined to WARN as many financial firms as possible about the VERY REAL threats facing their firms so they have a chance to protect themselves and everything they’ve worked so hard to achieve.
We frequently get calls from financial firms desperate for help because they received an urgent letter from a client or DFS asking them to validate their IT security systems. Often this is the second or third request. They ignored the first several requests – or, more likely, the firm’s leaders either didn’t know how to answer the questions or were afraid to answer truthfully for fear of repercussions.
It doesn’t have to be that way for your firm. We can show you a simple process to achieve and maintain compliance. We will also help you respond to any client, regulatory body, or insurance broker about your cybersecurity posture – any time they ask.
MOST importantly, we will teach you to recognize the telltale signs that your business and data are NOT protected (leaving you a sitting duck) so you can get ahead of these threats and PREVENT them from happening in the first place.
Given the need for specialized industry insight and knowledge of regulations, Capstone invested in both talent and strategic partnerships to compile an unmatched, turnkey New York State DFS 23 NYCRR 500 Compliance and Cybersecurity offering for our banking, insurance, and financial services firm clients. Our Compliance Subscription for DFS 23 NYCRR 500.02 program includes the four most important pieces of a properly-developed compliance program. These four critical pieces of your compliance and security program are:
1. Employee Education & Security Awareness Training - We strongly recommend awareness training for all financial firms. There are many online, computer-based training offerings on the market, but only Capstone provides comprehensive, engaging, on-site awareness training that is topical and up-to-date.
2. Business Risk Assessment – The goal of an IT security risk assessment is to identify and quantify the risks to the firm’s information assets. Using an easy-to-understand series of non-technical questions, the Capstone cyber team will identify and quantify your current cybersecurity posture relative to your practice and will work with your IT team to remediate any discovered shortcomings.
3. Network Vulnerability Assessment – A vulnerability assessment builds on the risk assessment and uses enterprise-grade software coupled with a team of cybersecurity analysts to measure the technical safeguards in/around your network. The deliverable is a prioritized list of discovered vulnerabilities and recommendations to remediate them.
4. Customized, Written Policies and Procedures – Well-written security policies and procedures allow employees to clearly understand their roles and responsibilities within predetermined limits. Capstone will create your IT policy and procedure manual from scratch, including a Cyber Incident Response Plan (CIRP) and a Disaster Recovery Plan (DRP). If you have existing written policies and procedures, our team will review and update them to reflect your current posture and validate them against your internal practices.
Five specific security measures you want to put in place IF you are using cloud computing or mobile devices to access your company network.
That’s a common first response, but know this: compliance and cybersecurity are executive leadership issues to address, not IT problems to solve. Less than 1/3 of the work product to create a proper compliance and cybersecurity program is technical in nature. When it comes to protecting your firm, you need to know for certain – without any lingering doubts – that you are doing everything you can to avoid being an easy target for cybercriminals.
Remember, most of the data your firm possesses or controls belongs to your clients, not to your firm. YOU, not your IT guy, have an ethical and fiduciary responsibility to maintain their confidentiality. Whether it is from the Department of Financial Services (DFS) or a compliance certification request from a client, make no mistake, if you cannot demonstrate a grasp of the requirements and your firm’s compliance with them, you could face fines, penalties, or even the loss of high-profile clients who won’t trust their most important information with a firm that can’t be bothered to put their security ahead of convenience and profitability.
You’ve spent a lifetime working hard to get where you are. No one gave you anything. You earned every penny and every client through honest means – not to mention a stellar reputation. Don’t put it all at risk over an ineffective or nonexistent compliance and security program. Get the facts and be certain you are protected at our upcoming Executive Webinar, “What You Must Have In Place Now To Be DFS 23 NYCRR 500 Compliant”.
Virtual seating is limited to the first 24 executives who register. Fill out the form below to save your spot today!