At a recent New York State Cybersecurity Summit, New York Attorney General Letitia James said, “Unfortunately, you know, New York State laws have not caught up to the 21st century, and it is critically important that we review the laws in the state legislature to ensure the privacy of New Yorkers is protected.”

Much of the focus of the summit was on recent state ransomware attacks.

The challenge is that even if New York state is able to update its laws to deal with these issues as the Attorney General states, the issue is jurisdiction.

Ransomware is a big business worth billions and criminals rely on anonymity as well as living in areas where there is no U.S. extradition treaty.

Hackers in Iran and North Korea for example can spread ransomware to the heart’s content and laws in New York state can’t get them.

Even though the leader of ISIS was killed about 24 hours ago, the terrorist group is still responsible for using ransomware to fund themselves. They can no doubt continue to do this without fear of being stopped.

The good for New York companies is their Attorney General cares about them and wants to help. The bad news is – it is an international problem and no state alone can do very much to get to culprits beyond their jurisdiction.

How do you stay secure or at least drastically reduce the risk? Just follow these three steps. Good luck!

1) Read cybersecurity essentials – a simple list which will help most organizations become far more secure.

2) Go to a phishing simulation vendor now and sign up for one of their offerings. Phishing Box, KnowBe4 and Phish360; are all great. This is needed to train workers by testing them without their knowledge by sending real-looking emails to their inboxes. If they click, they are immediately trained on what not to do.

3) We also recommend you get a free evaluation of your cybersecurity risk from an MSP/MSSP immediately – they can also help you build in the needed compliance to reduce the risk of being fined.