Compliance and Security
Part 5 of 5: Comprehensive Compliance and Security with CDML
With the increasing complexity of cybersecurity threats, achieving and maintaining compliance with 23 NYCRR 500, a Written Information Security Program (WISP), PCI DSS, and the NY SHIELD Act is an ongoing challenge for financial firms. From Risk Management to Disaster Recovery (DR) and Incident Response (IR) Plans, each component of a robust cybersecurity framework is essential for protecting client data and payment information and for ensuring business continuity.
In this final post, we bring together these compliance elements and illustrate how a partnership with an MSP like CDML Computer Services offers tailored, collaborative solutions to support financial professionals in protecting their businesses, clients, and payment transactions.
A Partnership Approach to Compliance and Security
For many financial firms, especially smaller organizations, the resources required to maintain a multifaceted cybersecurity framework can feel overwhelming. CDML Computer Services provides not only the technology and expertise but also a partnership approach that prioritizes regular communication, reporting, and collaborative decision-making. By working together, CDML empowers firms to make informed, strategic choices that align with their compliance and security goals without overextending internal resources.
How CDML Computer Services Supports Each Compliance Element
- Risk Management and Employee Training
CDML conducts regular, detailed risk assessments to identify vulnerabilities across systems, software, and processes. CDML also provides Employee Security Training programs that help staff recognize phishing attempts, suspicious activity, and potential threats. Detailed assessment reports help firms understand their risks and address them proactively through shared planning and strategic decisions.
- Data Encryption and Secure Cloud Storage
CDML's Microsoft 365 Premium offering includes built-in encryption for email and files, protecting sensitive communications and stored data. Secure Cloud Storage and Infrastructure as a Service (IaaS) add encrypted, scalable options for storing and managing client and payment data, both in transit and at rest. Regular reports let firms track their data storage and encryption status, giving decision-makers a clear view of their security posture.
- Continuous Monitoring and Automated Alerts
Through Microsoft Defender for Office 365 and SonicWall network security devices, CDML provides real-time monitoring and automated alerts, enabling a swift response to detected threats. CDML delivers monitoring and incident reports that give firms insight into security events and support data-driven discussions on further strengthening defenses.
- Access Control and Password Management
Access control is a core requirement of both PCI DSS and a WISP. CDML supports firms with LastPass for password management and Multi-Factor Authentication (MFA), so that access to sensitive data requires more than a single password and is limited to authorized personnel. CDML's reports on account usage and login patterns provide transparency and help firms refine access policies to better protect client data and cardholder information.
- Disaster Recovery (DR) and Incident Response (IR) Plans
CDML's secure cloud backups and IaaS solutions support data recovery after disruptive events such as ransomware attacks or system outages. Backups are only useful if they survive the incident and can actually be restored, so backup copies should be kept separate from production credentials and restore tests run on a regular schedule. By integrating DR and IR planning, CDML helps firms minimize downtime and maintain continuity, preserving client trust and compliance during incidents. Regular backup and incident response reports offer insight into system resilience, allowing firms and CDML to collaboratively improve recovery strategies.
Real-World Success: Collaborative Compliance with CDML Computer Services
Consider a small CPA firm that was struggling to meet compliance due to budget constraints and limited IT resources. After partnering with CDML Computer Services, the firm implemented continuous monitoring, secure cloud backups, and regular employee training. CDML provided monthly reports on network activity, data backup integrity, and account access. When a phishing attack targeted the firm, CDML’s monitoring quickly detected and contained the threat, while the incident report offered valuable insights for future prevention. This example demonstrates how CDML’s collaborative, reporting-based approach simplifies compliance, mitigates risks, and strengthens financial professionals’ reputations.
Compliance Requirements and CDML Solutions
The table below summarizes the key compliance requirements from 23 NYCRR 500, WISP, PCI DSS, and the NY SHIELD Act, along with the corresponding solutions provided by CDML Computer Services.
| Compliance Requirement | Description | Applicable Regulations | CDML Solution |
|---|---|---|---|
| Risk Assessments | Regular evaluations to identify vulnerabilities and prioritize security efforts | 23 NYCRR 500, SHIELD, PCI DSS | Comprehensive Risk Assessments; Employee Security Training |
| Secure Data Access and Controls | Access restrictions, including role-based access, to limit exposure to sensitive data | WISP, SHIELD, PCI DSS | LastPass Password Management with MFA; Role-Based Access Solutions |
| Network Segmentation | Segment networks to isolate sensitive data from other traffic | PCI DSS, SHIELD | SonicWall Firewall with segmentation; Custom IaaS configurations |
| Encryption | Encrypt data both at rest and in transit to prevent unauthorized access | 23 NYCRR 500, SHIELD, PCI DSS | Microsoft 365 Premium (includes email encryption); Secure Cloud Storage |
| Continuous Monitoring and Alerts | Real-time monitoring and alerts for prompt detection of suspicious activity | 23 NYCRR 500, PCI DSS, SHIELD | Microsoft Defender for Office 365; SonicWall Firewalls; SLA for continuous monitoring |
| User Account Monitoring | Monitor user accounts for unusual activity or inactivity | 23 NYCRR 500, PCI DSS | User Account Activity Reports; Access Log Monitoring and Management |
| Backup Management and Reporting | Regular backup management, restore testing, and reporting for reliable recovery after an incident | 23 NYCRR 500, WISP, SHIELD | Secure Cloud Storage for Backup; Backup Management and Reporting Solutions |
| Network Device Scanning | Regular scanning to confirm network devices are secure and compliant | 23 NYCRR 500, PCI DSS | SonicWall Network Device Scanning; Regular Network Audits |
| Content Access Blocking | Control access to harmful or restricted content to maintain network integrity | PCI DSS, SHIELD | SonicWall Content Filtering; Secure Web Gateway |
| Disaster Recovery (DR) Plans | Plan for restoring access to systems and data following a cyber incident or disruption | 23 NYCRR 500, WISP, SHIELD | Secure Cloud Storage for Backups; IaaS for scalable recovery infrastructure |
| Incident Response (IR) Plans | Detailed steps to contain and investigate security incidents | 23 NYCRR 500, PCI DSS | CDML Incident Response Planning and Support; Employee Security Training |
| Employee Security Training | Ongoing training to help employees identify and respond to cybersecurity threats | WISP, SHIELD, PCI DSS | CDML Employee Security Training Subscriptions |
| Compliance Reporting | Regular reports and logs to demonstrate adherence to regulatory requirements | 23 NYCRR 500, WISP, PCI DSS, SHIELD | CDML Compliance Reports; Monitoring and Incident Logs |
Achieve Compliance and Security with a True Partnership
With the right partnership, financial firms of any size can meet the requirements of 23 NYCRR 500, a WISP, PCI DSS, and the NY SHIELD Act. Regulatory responsibility remains with the firm itself; what an MSP supplies is the controls and the evidence that they are working. CDML Computer Services provides not only the expertise, technology, and guidance needed to implement a robust cybersecurity framework, but also a collaborative approach focused on reporting, transparency, and shared decision-making. By working closely with CDML, firms can focus on serving their clients with confidence, knowing that regulatory compliance and data security for both client and payment information are continually monitored and improved.
This post is the final part of a 5-part series on the compliance and technology challenges facing financial professionals in New York. In this series, we explored the key components of cybersecurity and data protection required to meet 23 NYCRR 500, WISP, PCI DSS, and the NY SHIELD Act.
The series includes:
- Understanding 23 NYCRR 500 – Technology and Compliance Challenges and Solutions for Financial Professionals in New York
- Building a Secure Foundation – The Written Information Security Program (WISP) and Data Access Controls
- Strengthening Cybersecurity with Risk Management, Encryption, and Continuous Monitoring
- Preparing for the Unthinkable – Disaster Recovery (DR) and Incident Response (IR) Plans
- Comprehensive Compliance and Security with CDML Computer Services