Securing Non-Public Information


In recent years, the transmission of non-public information has been an expanding concern.  Due to these concerns, there have been several states which have implemented specific “Cybersecurity” requirements that have greatly impacted how companies conduct business.  C.A. Shea & Company, Inc. strives to protect our client’s sensitive information and take these concerns very seriously.

One of these states which has recently set these types of requirements is the state of New York (NY).  The New York State Department of Financial Services has enacted regulations regarding “Cybersecurity Requirements for Financial Service Companies.” Many of the requirements only impact a company’s internal processes and/or systems and therefore should not impact the standard flow of business.   That being said, you may experience changes related to email correspondence received from our office due to the NY regulations which call for the implementation of secure methods for transmission of certain electronic information which may be considered “Non-Public.”

To fulfill these requirements, C.A. Shea & Company is implementing secure email technologies when sending out emails containing this “Non-Public” information.  We have implemented two different methods for sending these secured emails:

The first method we have implemented, which is our default method, will attempt to send the email as a Transport Layer Security (TLS) encrypted email.  The TLS encrypted email is a solution where the sending and receiving email servers can securely transmit the email, server to server, over a TLS secure connection.  An email sent in this way will be ultimately received as a “normal” email on your end.  As TLS is a widely accepted standard it is likely your email system already supports this protocol.

However, if we cannot send a TLS encrypted email, our system will default to sending you an email indicating you need to securely log into the Message Pickup Center to retrieve your email.  The email received will include instructions on how to retrieve the secured email online.

In order to make these changes as seamless as possible, we recommend speaking with your IT Department to ensure your email is set up to receive TLS secure connections for email messages.  If your IT Department has any issues or concerns with this, they can feel free to contact our office to discuss the process.