
Texas and NY’s Cybersecurity Compliance Guidelines

We have noticed that states have faced an alarming number of data breaches in the last few years, so they are adding stricter guidelines to reduce the risk. Because states store vast amounts of data about citizens, such as social security numbers, addresses, e-mails, financials, and more, creating a secure network must be a priority. All of this shiny, secret information attracts cyber criminals who put their skills to work hacking the system. While at least 32 states have their own data security laws, a couple of states, Texas and New York, have more recently added further guidelines.

House Bill 3834

Texas House Bill 3834 passed a couple of years ago, and it requires state and local employees to complete an annual cybersecurity awareness training program approved by the Department of Information Resources (DIR). It was created after a massive cyberattack affected 22 towns in Texas. Why were they all targeted at once? The victims were mostly small-town businesses running basic websites without the right cybersecurity tools in place. The hackers, in turn, requested a large sum of money. The new law applies to people working in state agencies, local government entities, and contractors of state agencies who use or have access to the computer systems.

While educating employees about cybersecurity definitely helps avoid breaches, they will still forget to create strong passwords. One person could set “Atlanta2!” as the password for their laptop and other work accounts, and that is all a hacker needs for a payday. Prevent this from happening by implementing a password filter.


NYDFS 23 NYCRR 500, created in 2017, applies to organizations in New York that provide financial services. This includes licensed lenders, insurance companies doing business in New York, mortgage brokers, credit unions, commercial and private banks, and service contract providers. Companies that have fewer than 10 employees, less than $5 million in gross annual revenue for three years, or less than $10 million in year-end total assets are exempt. Compliance involves annual penetration tests and bi-annual vulnerability tests, having a CISO on the team, establishing a cybersecurity program and cybersecurity policy, and encrypting sensitive data. This holds organizations accountable for protecting important data.

One of the ways organizations must comply is through regularly conducting penetration testing. Poor password choices represent one of the biggest weak spots on a network. nFront Password Filter is recommended by numerous pen testers and has helped companies finally pass.

We would be happy to assist you in creating the best password policy for your organization. E-mail us today!
