NY | The New York Department of Financial Services has issued an Industry Letter providing guidance on multi-factor authentication.
Multi-Factor Authentication (“MFA”) is an essential part of cybersecurity hygiene. This was true even in 2016 and 2017, when the Department of Financial Services (“the Department” or “DFS”) drafted 23 NYCRR Part 500 (the “Cybersecurity Regulation” or the “Regulation”). MFA was already considered an essential control, which is why it was one of the few technical controls explicitly required by the Regulation. MFA’s importance hasn’t changed – if anything, the increase in cybercrime has made MFA even more essential.