Your browser identified itself as a version of IE that was often shipped with default settings that were less than secure. Your internet experience could be made more secure by opening Internet Options in your browser, going to the Advanced tab and looking under the security settings for "Use TLS 1.1" and "Use TLS 1.2". Ensure these are turned on (checked). Doing so will enable your browser to support a higher quality of encryption on this and other websites. You will still be able to browse this site without turning on support for TLS 1.1 and 1.2, but we will have to use a lower level of encryption to accomodate you. See this question on Stack Exchange's Superuser forum from 2011 for more details keeping in mind the comments about TLS 1.2 non-support were made many years ago, and things have changed since then.

If the support for better cryptography has been turned on for your browser, thank you, and you can safely ignore this advisory.

Browser Security Alert

NYCRR 500 Compliance

New York Cybersecurity Regulations for Financial Services

In March 2017, the New York State Department of Financial Services issued 23 NYCRR 500, a new set of standards and requirements for banks, insurance companies, and other financial services organizations. With a few exceptions for smaller organizations, all businesses licensed by the New York DFS must comply with the law, which is being implemented in stages from 2017 to 2019.

NYCRR 500 applies to all financial services firms that do business in New York, whether the organizations are based there or elsewhere. Covered entities are required to establish formal cybersecurity programs and document their cybersecurity policies, in addition to meeting several other requirements:

  • Conduct cybersecurity risk assessments
  • Ensure the security of their applications
  • Implement data protection methods, including encryption
  • Use appropriate controls to limit access to sensitive information

In addition, the law indirectly establishes rules for third party service providers that have access to covered entities’ nonpublic information. Covered organizations are required to develop third party security policies that will effectively apply many 23 NYCRR 500 mandates to service providers who are not licensed by the New York DFS.

Meet NYCRR 500 Requirements with Smartcrypt

PKWARE’s Smartcrypt combines strong encryption, simplified key management, and intelligent data discovery to enable enterprise-wide control over sensitive data. With Smartcrypt, financial services organizations and their third party service providers can improve their data security while ensuring compliance with 23 NYCRR 500 and other government or industry mandates.

PKWARE’s innovative Smartkey technology automatically generates, synchronizes, and exchanges encryption keys according to your organization’s security policies, making the process automatic for end users. Smartkeys can be managed using Smartcrypt’s administration console and can be stored on third-party dedicated key management appliances.


Solution Sheet

Smartcrypt can help your organization protect its data and meet NYCRR 500 standards.


Whitepaper

A detailed look at NYCRR 500 requirements and strategies to ensure compliance.


Smartcrypt Platform

Learn more about PKWARE's smart encryption platform.


NYCRR 500 Requirement

Smartcrypt Solution

Risk assessment
(Section 500.09)

In order to protect its data, an organization must first understand how much information it has and where the information is located. Smartcrypt Data Discovery enables organizations to detect sensitive information on end user devices and in network storage locations. Discovery agents can be configured to detect data based on each organization’s unique needs and business processes.


Encryption of nonpublic information
(Section 500.15)

Smartcrypt applies strong data-level encryption to sensitive information, ensuring that the data remains inaccessible to unauthorized users, even if stolen or mishandled. With simplified key management and cross-platform operability, Smartcrypt is the only solution that facilitates true enterprise-wide encryption.


Application Security
(Section 500.08)

Smartcrypt Application Encryption is a software development kit that allows organizations to incorporate strong encryption into their existing applications with only a few additional lines of code. Encryption can be applied to structured and unstructured data.


Audit trails and activity monitoring
(Section 500.06 and Section 500.14)

The Smartcrypt Enterprise Manager facilitates complete administrative control over encrypted information. Access control lists determine who is authorized to decrypt protected information, while Smartcrypt’s Data Security Intelligence tools provide full reporting on every encryption and decryption operation.


Third party security policies
(Section 500.11)

Smartkey technology allows organizations to exchange sensitive information with third parties securely and easily. Third-party access privileges can be granted or revoked at any time without the need for re-encryption.

Benefits

Smartcrypt locks down data, helping organizations meet their compliance goals and protect their critically-important information.

Meet NYCRR 500 standards for data security, risk identification, and reporting

Protect sensitive information at rest, in use, and in transit

Eliminate the negative consequences of a data breach

Lower IT infrastructure costs across every platform with a single solution for encrypting and compressing data

Support Center

Find commonly asked questions & help here.

View Support Site

Help Request

Our expert technicians are standing by.

Get Help Now

Sales Team

Request an expert consultation.

Contact Sales