New NY DFS Guidance Requires MFA for Financial Businesses

Cybersecurity has become an increasingly important issue over the past few years, and now, concerns over attacks from Russia make this issue even more critical to address. The goal is to prevent cybersecurity events for both businesses and individual customer accounts. In response to these threats, the New York Department of Financial Services (NY DFS) has decided to implement new cybersecurity guidance to help keep everyone safe.

What Is the New NY DFS Guidance?

These new regulations require multifactor authentication (MFA) for users of any website that provides financial services. Multifactor authentication sends a one-time code or push notification to a mobile device or personal email address, and the user must enter the code or approve the notification in addition to entering their password. The account cannot be accessed unless the user successfully passes both steps of the authentication process. This means a hacker cannot access the account unless they have access to the person's mobile device or private email.

Why Multifactor Authentication?

Multifactor authentication is like adding an extra layer of defense against a hacker compromising an account. Some types of MFA use two layers of defense, such as a password and one-time code, and others even add a third layer to the sign-in process. When combined with a secure password, this makes it extremely difficult to access your individual information and compromise your account. Financial accounts are a lucrative target for hackers, and that's why this regulation focuses on the financial industry. It can be expected that in the future this will become standard for any business website.

Challenges to the New Rule

Keeping accounts safe is a challenge because many people want to have passwords that are easy to remember and that have special meaning to them. Everyone knows by now that you should never use a password like sequential numbers or part of your name, birthday, or city. Passwords like this can be easily guessed by software. Having a strong password is the first step in good cybersecurity, but in today's world, hackers have become more sophisticated, and even the best passwords can be defeated by a determined hacker with the right software.

The problem is that most people do not want to take the time to create a secure password, and they do not want to have to remember it every time they are asked for one. One of the key problems is that users tend to be resistant to multifactor authentication because it requires an extra step and takes a little longer to sign in. Resistance to using good security protocols when it comes to passwords and account security is one of the reasons why regulators felt they had to step in and issue this guidance.

Regulators understand that this new ruling may be more difficult for small entities, and they are considering an exemption for small businesses. According to regulators, this ruling was in response to a report that found many cybersecurity events could have been prevented if MFA were already in place. All institutions and larger businesses must have an incident response team or plan in place, especially those that allow third-party access to the information, such as insurance portals.

The reasoning behind this regulation is that preventing a cyberattack is much better than the best incident response. Regulators also realize that this is not a guaranteed solution to prevent cyberattacks. For instance, SMS-text messaging can be vulnerable to man-in-the-middle attacks where a hacker can intercept text messages. The NY DFS estimates that the cost of implementation of the new regulations will be around $33 per employee. By comparison, the average cost of a breach for a small business is around $108,000, according to Prowriter’s Insurance.

Where Will This Go in the Future?

Multifactor authentication, as it exists today, is only the beginning of where the technology is expected to go in the future. Because passwords can be compromised so easily, even secure ones, some companies are beginning to develop solutions that eliminate passwords altogether. These systems will depend on layers of text messages, phone calls, one-time passcodes, and biometrics to keep your account protected. These factors will work with public and private keys to provide an even higher level of security.

Unfortunately, as advances in account security become more sophisticated, so do the methods that hackers use to compromise accounts. Keeping your account safe begins with good practices like having a secure password, turning on multifactor authentication, and taking extra measures to make sure that no one but you has your password.

This new regulation is designed to help keep user accounts safe. Multifactor authentication may be a hassle from a user’s standpoint, but so is a compromised financial account and the potential losses that could follow. This is an unfortunate inconvenience that is a result of the world we live in today and advances in technology on both sides of the cybersecurity fence.

At Perspective Omni Media, we can help you meet these new requirements and stay up-to-date with all the latest security practices. Our team of experts works across operating systems, platforms, and applications to ensure security and compliance for your entire organization. Contact us today and see how we can advance your company's cybersecurity posture.