Posts by Farah Ali

New York Department of Financial Services (NYDFS) Cybersecurity Regulation

The New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR 500) is a set of cybersecurity requirements designed to protect financial institutions and consumers from cyber threats. It applies to banks, insurance companies, mortgage lenders, and other financial service providers operating in New York. To ensure strong cybersecurity


On-the-Fly Encryption (OTFE)

On-the-Fly Encryption (OTFE) is a way of keeping data secure without getting in the way of how people work. It automatically encrypts files as they’re saved and decrypts them the moment an authorized user accesses them. Everything happens seamlessly in the background, so sensitive data stays protected without interrupting


Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements designed to protect credit card transactions and consumer payment data from fraud and breaches. It applies to any business that processes, stores, or transmits payment card information, including retailers, financial institutions, and online merchants. To


Personally Identifiable Information (PII)

Personally Identifiable Information (PII) is any data that can be used to identify a specific individual, including direct identifiers, such as names, social security numbers, and biometric data, as well as indirect identifiers, such as IP addresses, phone numbers, and birthdates, when combined with other data. Organizations that collect,


Protected Health Information (PHI)

Protected Health Information (PHI) is any individually identifiable health information that is created, received, stored, or transmitted by a HIPAA-covered entity or their business associates. Under the Health Insurance Portability and Accountability Act (HIPAA), PHI includes any information related to an individual’s past, present, or future physical or mental


Phishing

Phishing is a method that cyber attackers use to impersonate trusted entities such as banks, employers, or government agencies. The goal is to trick individuals into revealing sensitive information like passwords, credit card details, or personal data. These attacks typically occur through emails, fake websites, text messages, or phone calls


Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI) is a framework of policies, technologies, and procedures used to manage encryption keys and digital certificates for securing online communications and data exchanges. PKI enables organizations to establish trust, authentication, and confidentiality in digital transactions.

How PKI Works

PKI is reliant on a pair of cryptographic


Ransomware

Ransomware is a type of malicious software (malware) that encrypts a victim’s data or locks them out of their system, demanding a ransom payment to restore access. Cybercriminals often use phishing emails, compromised software, or network vulnerabilities to deploy ransomware, targeting both individuals and businesses. Ransomware remains one of


Role-Based Access Controls (RBAC)

Role-Based Access Controls (RBAC) is a security framework that restricts system access based on user roles and permissions within an organization. Instead of granting broad access, RBAC ensures that individuals can only access data and systems necessary for their job functions, reducing security risks and unauthorized access.

How RBAC Works


Safe Harbor

Safe Harbor is a legal framework or agreement that protects against liability when specific conditions are met. In data privacy and cybersecurity, Safe Harbor principles have historically been used to facilitate secure data transfers between different jurisdictions while ensuring compliance with privacy regulations. One of the most well-known applications was
