According to recent estimates from the University of Maryland, there is a cyberattack every 39 seconds. Data breaches and cyberattacks are daily headlines—and employee benefits plans are no exception to that threat.
In fact, employee benefits plans are even more vulnerable as the coronavirus pandemic continues. Organizations and benefits providers are relying heavily on electronic access, ultimately creating new vulnerabilities.
Virtually any type of employee benefits plan is vulnerable to hackers. The plans can be exposed to risks relating to privacy, security and fraud.
Retirement, savings and health plans are attractive targets for cybercriminals seeking access to plan assets and the personal information of participants and beneficiaries. Sensitive information is valuable information when it comes to cyberattacks.
Benefits plans are at risk as a result of the following factors:
Some examples of cyberthreats include phishing, malware and ransomware attacks. Lost or stolen mobile devices, laptops and flash drives that hold personal information are additional tangible threats to benefits plans.
Cyberattacks on benefits plans can have substantial consequences for all parties involved. Consider the following:
As many employees and providers may be working from home, it’s especially important to understand cyberthreats and how to proactively protect sensitive organization and employee information. To mitigate cyber risks, consider the following measures:
To shift cyber risks, consider the following measures:
With many employees working remotely as a result of the pandemic, plan sponsors should consider updating work-from-home policies to include cybersecurity clauses.
Open enrollment season is a good time to carefully review organization and vendor security technology and policies, along with any contracts, insurance or other coverage. All parties involved should have adequate data protection strategies in place.
Always be prepared for the worst to happen. In the unfortunate event of a security breach, it’s important to be prepared with a basic communication and action plan. Even better, incorporate security breaches in an organization’s comprehensive reputation management plan. Keep in mind all internal and external audiences, and appropriate actions to protect information and restore overall system integrity. If not handled quickly and appropriately, reputational damage could be an additional threat to all parties involved in employee benefits plans.