With cyber threats becoming increasingly common, the New York State Department of Financial Services (NYDFS) is tightening its cybersecurity rules. They have set new requirements for licensed financial services companies conducting real estate transactions in New York as part of cybersecurity regulation (23 NYCRR 500).
What to Know
Starting November 1, 2025, companies must use multi-factor authentication (MFA) to better protect sensitive data and systems.
- Effective date: November 1, 2025
- MFA will be required for:
- Anyone accessing your internal network from outside (like remote workers)
- Remote access to third-party or cloud apps that store non-public info
- All privileged accounts (except service accounts that don't allow logins)
- Anyone accessing your internal network from outside (like remote workers)
- MFA must include at least two of the following:
- Something you know (like a password or PIN)
- Something you have (like a phone or security token)
- Something you are (like a fingerprint or face scan)
How to Prepare
Take these steps to ensure your organization is compliant ahead of November 1.
- Check your MFA options: Make sure the methods you're using (or planning to use) meet the NYDFS standards.
- Get your team ready: Review your current security setup, choose the right MFA tools, train your staff, and regularly update your security protocols.
- Learn more: There is a limited exemption available for those who qualify. To review the criteria for exemption and for additional information on the new MFA rules, visit the NYDFS Cybersecurity Resource Center.
How SoftPro Can Help
If you have any questions or need help navigating these new requirements, reach out to SoftPro Support. We're here to help you stay secure and compliant!
- Call: 800-848-0143
- Email: support@softprocorp.com
Would you like to stay up-to-date on important regulatory and compliance updates? Make sure to subscribe to our Compliance Newsletter so you don't miss anything!
