On Wednesday, July 22, 2020, almost three and a half years after the Department of Financial Services’ (DFS) cybersecurity regulations (23 N.Y.C.R.R. Part 500) became effective, DFS issued its first enforcement notice.

The COVID-19 pandemic forced many employers to make difficult operational and personnel decisions to ensure the longevity of their business. Some businesses that were ordered to close may have been able to continue paying their employees, but many had to turn to layoffs or furloughs in order to survive.

Last week, the New York Department of Financial Services (“DFS”) issued guidance to entities it regulates about maintaining cybersecurity awareness during the COVID-19 pandemic. Businesses have likely already seen the numerous news alerts regarding the increased risk of cyberthreats as bad actors take advantage of the upheaval caused by the current health crisis. At the end of March, the FBI reported that its Internet Crime Complaint Center had already received over 1200 complaints of COVID-19-related scams.

Entities and individuals subject to the cybersecurity regulations from the New York State Department of Financial Services (“DFS”) will see a change to this year’s filing deadlines.

Large business data breaches - like the one affecting 100 million Capital One credit card customers and applicants - remain commonplace, so much so that they are becoming accepted as the new normal in today’s climate of consumer dealings. They shouldn’t be.