Maria Vullo
I asked that question of Maria Vullo, former New York State Department of Financial Services (NYDFS) superintendent, at Compliance Week’s inaugural cyber-security and data privacy event last month.
“I’d say training,” said Vullo, who helmed the agency when it created comprehensive cyber-security regulations. “Businesses need to do more to make sure their employees and business partners know what to do when they see anything suspicious, what not to click into and share, how to protect information, and how to appreciate who has privileged access and why.”
“An important component of a business’s resiliency against cyber-intrusions depends upon employee training, because a large number of such intrusions are due to employees making mistakes,” she added.