CAN YOU PASS A CYBERSECURITY AUDIT?
The Garlick Group, doing business as Cyber Compliant – a partnership with ID360 and Cyberlitica – prides itself on providing small and large businesses with all the tools and services necessary to comply with Local, State, Federal, and Professional Association cyber regulations.
As of last year, at least 43 states and Puerto Rico introduced or considered close to 300 bills or resolutions dealing significantly with cybersecurity. Thirty-one states enacted cybersecurity-related legislation in 2019.
These laws are not limited to businesses located in the enacting State; they follow where your clients are. You may run a financial advisory business in New Jersey but have clients in New York. Because those clients are located in New York, you are subject to New York's laws.
Are you sure you can pass a Cyber Audit from:
- The State of New York
- The State of California
- The State of Colorado
- The State of Massachusetts
- The Securities and Exchange Commission
- The American Bar Association
- The European Union (GDPR)
- And many others
All these laws and regulations have many things in common:
- Establish a cybersecurity program, informed by periodic internal and external risk assessments, that addresses the risks that may threaten the security or integrity of Nonpublic Information on your Information Systems.
- Create and maintain written policies and procedures to protect Nonpublic Information on your Information Systems.
- Document and limit User Access privileges.
- Perform periodic risk assessments whenever Information Systems, Nonpublic Information, or business operations change; the results must inform the design of, and changes to, the cybersecurity program.
- Periodically and securely dispose of any Nonpublic Information that is no longer necessary for legitimate business operations, unless it must be retained by law or regulation.
- Designate a qualified Chief Information Security Officer. The CISO may be employed internally or by a Third-Party Service Provider.
- Implement controls, including encryption, to protect Nonpublic Information both in transit over external networks and at rest. The CISO must annually review and approve these controls.
- A written incident response plan must be designed to respond and recover from any Cybersecurity Event materially affecting the confidentiality, integrity or availability of Information Systems.
- Regularly train all employees in Cyber Security risks and hygiene.
Various States and Entities have additional requirements depending upon the size of your company.
Failure to comply with these laws and regulations could result in fines in excess of $250,000!
The Garlick Group provides a complete program to ensure compliance, including:
- Perform a Risk Assessment of your IT Environment
- Search the Dark Web for your email addresses for any indications of exposure and other risks
- Provide you with a detailed analysis of your Risk Assessment results
- Provide you with a list of discovered weaknesses to correct
- Provide you with a set of Cyber Security Policies consistent with the Cyber Regulations for you to adopt
- Train all your employees in Best Cyber Security Practices and Hygiene
- Provide you with a Certificate of Completion for each employee who completes all the training
- Provide you with whitepapers, checklists, and application tools (e.g. Password Analyzers) to improve your internal security environment
- Monitor the Dark Web for one year for any indications of breaches and other risks
- Provide your employees exclusive access to ID360's ID Check Up Tool, allowing them to easily access reports from Credit Bureaus and other public databases
- At your request, file for your limited exemption from the NY DFS Regulations, and file all certifications
- Provide all employees and their families personal, comprehensive Identity Recovery services and access to deeply discounted monitoring plans
If you have any questions regarding which Laws, Regulations, or Ethical Guidelines you and your business may be subject to, contact The Garlick Group for a complimentary review: firstname.lastname@example.org