Cyberattacks occur every 39 seconds.
Unfortunately, times of crises oftentimes create ample opportunity for cybercriminals to target vulnerable populations. While data breaches and cyberattacks continually make headlines, businesses should be taking extra precaution with regard to benefits providers. Because many benefits providers are preparing for a virtual open enrollment, reliance on electronic access and remote capabilities exposes potential for new vulnerabilities.
When it comes to benefits, cybercriminals typically target retirement, savings, health plans, and unemployment benefits. To do so, the following information is likely to be at highest risk:
- Personal identifiable information, including (but not limited to) Social Security number, birthdate, and email addresses.
- Financial information, such as enrollment data, account numbers, and account balances, which could be used for loan, distribution, and withdrawal requests.
- Multiple attack points because benefit plans are connected to multiple outside service providers and can come in the form of malware, phishing, and ransomware attacks.
To help mitigate risks before open enrollment, businesses should consider the following cybersecurity tips:
- Audit technology and software. To adequately protect and control data, ensure all your technology is up to date and evaluate any potential vulnerabilities through penetration or other assessments. If needed, invest in more robust technologies and software.
- Educate workforce. 95% of cybersecurity breaches result from human error. Proper training on identifying cyberattacks, handling personnel or otherwise confidential data, and cybersecurity best practices (i.e., locking laptops, adequate passwords, encrypting documents, etc.) can help reduce cyber vulnerabilities.
- Review and educate business partners. Whether it’s a business partner or a service provider, vetting vendors and partners of proper security measures is highly advised. Like educating your workforce, who you do business with should also mitigate cyber risks.
- Prepare for a cyberattack. In the event of a cyberattack, it is important to have a strategy to address it promptly and effectively. Ensure you have a crisis response team and procedures to implement should a worst-case scenario arise. It doesn’t hurt to review contracts to ensure proper levels of protection against cyber risks are available, as well as obtaining cyber liability insurance to assist with financial losses in the case of a data breach or cyberattack.
To learn more about mitigating cybersecurity risks and safeguarding your employees’ sensitive information, especially with open enrollment approaching, please contact AccessPoint. Our HR management team can provide industry best practices and services tailored to your business needs.