With threats increasing every day, cyber security is not area companies can afford to compromise
Now that the nation’s first statewide cyber security law has taken effect, companies are scrambling to avoid hefty fines by making sure they meet its requirements. Unfortunately, too many are realizing that their lack of time and expertise – combined with a national shortage of cyber security employees to expand IT departments – leaves them ill-equipped to comply.
The groundbreaking 23 NYCRR 500 law covers any business or organization that reports to New York’s Department of Financial Services (DFS), even if it is based outside the state. Although limited exemptions do apply for small businesses that meet specific criteria, all companies overseen by NYS DFS must comply with most of the components of the new regulation. Analysts predict it won’t be long before other states follow suit, and the new law eventually serves as a model for national cyber security regulations.
New York’s mandate is a direct response to the alarming increase in cybercrimes aimed at businesses. Sobering statistics abound: 64 percent of companies have experienced a cyber-attack; 50 percent of cyber-attacks target small and medium-sized businesses in the U.S; The average cost of any one data breach is expected to “exceed $150 million by 2020, as business infrastructure becomes even more connected;” 60 percent of businesses are forced to close their doors after a successful attack.
But there is hope in the midst of this increasingly unsafe digital landscape: 97 percent of data loss is preventable if it is protected where it is created, accessed, and stored. Since most businesses lack the expertise or manpower to make that happen, they are turning to cyber security experts like CyberGuard360 to help them protect confidential information and satisfy New York’s regulations. Although the idea of giving any third party access to critical corporate applications and sensitive data can be uncomfortable at first, these companies understand that reputable cyber security partners are a much better defense against determined hackers than anti-virus software and in-house IT staffs with divided responsibilities and limited exposure to the ever-evolving threat landscape.
An experienced cyber security provider remains vigilantly up-to-date on the constantly changing threats created by cybercriminals. They also already have the expertise and tools to detect a wider range of attacks than in-house employees without the time or training to discover every possible breach. Remember, it only takes one successful attack to cost companies large amounts of money and damage their credibility in the market.
The needs of every business are unique, so CyberGuard360 offers several tiers of customized service plans to help companies meet the mandates of 23 NYCRR 500. They range from turn-key outsourcing to self-serve plans that provide critical support to existing IT departments in businesses with a limited exemption. Most of the new regulations are already considered best practice in the industry. Read on to determine the plan that provides the best level of assistance to get your company compliant with the new law.
Does your company qualify for a limited exemption? Here’s how we can help:
Self-serve – This plan allows your company to become compliant for as little as $99 a month, as long as you have an internal IT staff or network administrator that can handle about two hours a week of maintenance work. This tier includes employee training and refreshers, access to risk and vulnerability assessments, compliance deadline reminders, and access to a complete compliance portal where you can customize your cyber security policies and programs. CyberGuard360 also includes an incident response plan designed to quickly contain cyber events.
- Estimated monthly time for client: 8 hours
- Estimated set-up time for client: 20 hours
- Monthly fee: $149
- Set-up fee: $995
Assisted – This service tier gets you compliant with only about an hour of work a week for your IT staff. Besides the offerings of the self-serve plan, it includes an endpoint security suite, a Web security suite and anti-ransomware protection with forensics.
- Estimated monthly time for client: 4 hours
- Estimated set-up time for client: 12 hours
- Monthly fee: $249
- Set-up fee: $1995
Outsourced – This turn-key level of service takes all the burden of getting compliant off your shoulders – an important advantage as 1.9 million cyber security positions are expected to go unfilled at companies by 2019. A CyberGuard360 security engineer helps you complete a risk assessment, and then creates customized cyber security policies and programs for your company. That includes all of the benefits of the previous tiers, plus email and file encryption, a managed firewall and a proprietary ACE (Advanced Cyber Event) appliance that detects on-network, internal cyber events. CyberGuard360 also takes responsibility for monthly monitoring and notifying DFS of any reportable cyber events.
- Estimated monthly time for client: 0 hours
- Estimated set-up time for client: 3 hours
- Monthly fee: $399
- Set-up fee: $2995
Is your company non-exempt? Let us get you compliant:
The Full Package – CyberGuard360 makes it easy for companies who are required to wade through all 16 sections of the new law to understand their responsibilities. This package includes all of the components of our outsourcing tier that guide you effortlessly toward compliance, but adds multi-factor authentication. Pricing is based on the number of users, which is determined by the highest number of employees, workstations or endpoints involved.
- 10 to 25 users: $795 a month, $1995 set-up fees
- 26-50 users: $1495 a month, $2995 set-up fees
- 51 or more users: Pricing determined by size
The mandate of New York’s new regulations is clear: the frightening increase in sophisticated cyber-attacks makes security an area that companies cannot afford to compromise. Businesses that do not meet its requirements are subject to stiff fines, as well as continued vulnerability to data breaches that could destroy their reputations and their bottom lines. Finding a quality cyber security provider is essential for companies that don’t have the in-house ability to satisfy the law and keep their customers’ confidential information safe.
CyberGuard360’s clients across four states and 40 industries are guided safely through the threat landscape. Our wide array of services includes system security suites, risk assessment, education, and training and disaster recovery, and we specialize in helping New York companies comply with 23 NYCRR 500. If you’d like us to put our expertise to work for you, we’d be happy to help. Call us at 844-315-9882 or use our contact form for a free consultation.