United States of America: NYDFS issues guidance on malwares containing cybersecurity requirements

On 30 June 2021, the New York State Department of Financial Services (NYDFS) published its "Ransom guidance" on how to protect financial services companies and their customers from malware. Particularly, the Department recommended against paying ransoms and noted that companies should implement a preventive cybersecurity program that includes email filtering systems, anti-phishing training, patch management, Multi-Factor Authentication, minimization of the use of Remote Desktop Protocols, strong passwords and principle of least privileged access. Moreover, the NYDFS stated that companies should report ransomware attacks to the NYDFS as promptly as possible and prepare backups and plans for monitoring and responding to attacks.