Article
Source: Law360
Article
10.13.25
A recent article by Pillsbury partners Mark Krotoski and Brian Montgomery highlights the New York State Department of Financial Services’ (NYDFS) final phase of updated cybersecurity regulations, effective November 1, 2025. The changes require financial institutions to implement multifactor authentication (MFA) and maintain comprehensive asset inventories, reflecting a broader regulatory push for stronger data protection and access controls.
The article notes that while MFA is now mandatory, limited exceptions apply for small businesses or alternative controls approved by a Chief Information Security Officer. Institutions are advised to review internal policies, assess compliance gaps, and strengthen cybersecurity practices to avoid enforcement actions and reputational risks.
To read the full article, click here (subscription required).