As a reminder for New York employers, the New York Cybersecurity Regulation (Part 500) requires regulated entities to assess their cybersecurity posture and safeguard consumer information against unauthorized access by cybercriminals.

In its April 2025 update, the New York State Department of Financial Services (DFS) highlighted upcoming deadlines:

• Compliance Submissions: By April 15, 2025, covered entities must submit either a “Certification of Material Compliance” or an “Acknowledgement of Noncompliance” through the DFS online portal.

• Access Management: By May 1, 2025, implement policies for enhanced user access, audits, termination of access, and complex password requirements.

• Vulnerability Management: By May 1, 2025, automated system scans will be conducted to detect vulnerabilities and implement controls against malicious code.

• Monitoring and Training: By May 1, 2025, certain entities must implement endpoint detection and response solutions and centralized logging.

• Enhanced MFA Requirements: By November 1, 2025, implement multifactor authentication for all individuals accessing information systems.

DFS will guide to assist entities of all sizes in complying with these regulations. Covered entities should review the amendments and assess their readiness for these upcoming deadlines.

For additional information: NY – Cybersecurity Resource Center

This communication is intended solely for the purpose of conveying information. The present post might incorporate hyperlinks directing readers to websites managed by third-party entities. The inclusion of any links within this communication is meant to serve as points of reference and could encompass opinion articles from various law firms, articles from HR associations, official websites, news releases, and documents of government agencies, and other relevant third-party sources. Vensure has no authority over these external websites and bears no responsibility for their content. Furthermore, Vensure does not endorse the materials present on these websites. The contents of this communication should not be interpreted as legal advice or as a legal standpoint concerning specific facts or scenarios. Nor should it be deemed an exhaustive compilation of facts potentially pertinent to federal, state, or local laws. It is strongly advised that employers solicit legal guidance from an employment attorney when undertaking actions in response to any legal updates provided. This is due to the possibility of future alterations occurring in federal, state, and local laws, regulations, as well as the directives and guidelines issued by governing agencies. These changes may transpire at any given time, potentially rendering certain portions of the content within this update void or inaccurate.