NYSDFS Cybersecurity Requirements

23 NYCRR 500 requires financial services companies operating in New York to implement robust cybersecurity programs to protect against unauthorized access, use, disclosure, disruption, modification, or destruction of sensitive information.


In this tutorial, we will review the 3 most important steps you can take to recover your Gmail account from a breach.

Implement a cybersecurity program

An email breach occurs when an unauthorized person gains access to your inbox and has the ability to send, read, and delete mail from your account.

Implement a Chief Information Security Officer (CISO)

We are going to show you three places to look and security features to activate that will lock the bad actor out of your account, and prevent further breaches of your Gmail account. 

Conduct risk assessments


1. From the corner of your Gmail, click the circle and select the Manage your Google Account button.

2. Select Security from the left-hand menu.

3. Select Password from the bottom right side. We will come back to this section for 2-Step Verification later.

4. The next screen will have you verify your current password. If you have forgotten your password, click “Forgot Password” to begin the recovery process.

Report cyber events

6. Resetting your password will kick the bad actor out of your mailbox. After the reset, it is time to prevent this from happening again by turning on a security feature, two-factor authentication. Navigate back to Security on the left-hand menu and select 2-Step Verification.

7. Click Get Started to begin.

8. Type your cell phone number on the first line, and select text message.

9. Type in the code from the text message and select Next.

10. Click on Turn On to activate 2-Step Verification.

Encrypt non-public information

Annual cybersecurity certification

Multifactor authentication

2. Check Accounts and Import to confirm the unauthorized user did not add their own email as a backdoor. Your settings should look like this under "Check mail from other accounts". Should you see any unauthorized accounts here, disconnect them.

3. Check Filters and Blocked Addresses to make sure they did not block email from any legitimate email accounts or place filters that would automatically send your new emails to the trash. Your settings should look like this, unless you have legitimate filters or blocked addresses here.

5. Now that you have secured your account, there are some places you can check to review what was sent. You may want to reach out to those contacts to warn them not to click on any mail that was sent to them from your account.

Head to your SENT mailbox and check on the activity for who and what was sent out.

6. Head to your trash folder to review any emails that the bad actor may have been hiding, such as phony invoices or replies from your contacts.
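For administrators who need to run the filter check from step 3 across many mailboxes, the same review can be scripted. The sketch below is an added example, not part of the original tutorial. It assumes the filter list has already been exported in the shape returned by the Gmail API's `users.settings.filters.list` method, and it goes one step beyond the tutorial by also flagging filters that forward mail. The function name and the sample filters are constructed for illustration.

```python
# Added example: flag Gmail filters that hide or redirect incoming mail.
# Field names (action.addLabelIds, action.removeLabelIds, action.forward)
# follow the Gmail API Filter resource. SAMPLE_FILTERS is constructed data.

HIDING_LABELS = {"TRASH", "SPAM"}  # system labels that take mail out of view

SAMPLE_FILTERS = [
    {"id": "f1", "criteria": {"from": "newsletter@example.com"},
     "action": {"addLabelIds": ["Label_12"]}},
    {"id": "f2", "criteria": {"query": "invoice OR payment"},
     "action": {"addLabelIds": ["TRASH"]}},
    {"id": "f3", "criteria": {"from": "bank@example.com"},
     "action": {"removeLabelIds": ["INBOX", "UNREAD"]}},
    {"id": "f4", "criteria": {"query": "password reset"},
     "action": {"forward": "drop@example.net"}},
]


def audit_filters(filters, known_forwards=()):
    """Return (filter_id, reason) pairs for filters that need a manual review.

    known_forwards lists forwarding addresses the account owner set up on
    purpose; forwarding to any other address is reported.
    """
    allowed = {addr.lower() for addr in known_forwards}
    findings = []
    for f in filters:
        action = f.get("action", {})
        added = set(action.get("addLabelIds", []))
        removed = set(action.get("removeLabelIds", []))
        forward = action.get("forward")
        for label in sorted(added & HIDING_LABELS):
            findings.append((f["id"], f"moves matching mail to {label}"))
        if "INBOX" in removed:
            findings.append((f["id"], "skips the inbox"))
        if "UNREAD" in removed:
            findings.append((f["id"], "marks mail as read"))
        if forward and forward.lower() not in allowed:
            findings.append((f["id"], f"forwards to {forward}"))
    return findings


if __name__ == "__main__":
    for filter_id, reason in audit_filters(SAMPLE_FILTERS):
        print(f"{filter_id}: {reason}")
```

A finding is a prompt to review the filter, not proof of compromise: a filter the account owner created to archive mail will also be reported as skipping the inbox.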

What are the cyber requirements of 23 NYCRR 500?

The NYDFS Cybersecurity Regulation is considered one of the most comprehensive state-level cybersecurity regulations in the United States, and it sets a high standard for companies operating in the state of New York to protect sensitive information.

Secure Backups

Cloud backup solutions or disaster recovery site options on Long Island, NY.

Encryption Services

IT system, databases, transport protocols, and email encryption tools.

Cyber Programs

A comprehensive set of policies and controls that considers cybersecurity regulations required by your industry.

Mobile Device Management

Control devices with access to private data on or off your network.