Your employees may understand that they risk identity theft every time there’s a major cyber breach at a store they’ve patronized. But do they know that even more of their personal information is available to hackers via their employee benefits plans? It’s a risk that an increasing number of business owners and CEOs have had to confront. How to safeguard employee data — and avoid the significant expense of a managing a breach response — are just some of the questions that business leaders face around this issue.
Virtually any type of employee benefit plan is vulnerable to hackers. These include pension plans, health and welfare plans, and retirement savings accounts. All represent a rich source of personally identifiable information (PII).
First, hackers can gain access to the employee’s personal health information. Armed with that information, cyber thieves can do everything from file fraudulent insurance claims, get prescription medication, and even blackmail the employee.
Hackers may also gain access to the actual employment benefit accounts, potentially using the accrued amounts as fraudulent assets to obtain lines of credit under the employee’s name.
Of course, being able to completely steal the employee’s identity is one of the most concerning threats. And given that employee enrollment forms will have birthdates, email addresses, official residence addresses, and social security numbers — at a minimum — there’s a strong potential for wide-scale identity theft using the PII.
The average worker assumes that accessing his or her employer’s cash reserves and financial information would be the more attractive target than that of its employees. But a company is one entity and can move quickly to protect its holdings after a firewall is breached. A business’ large number of employees, however, represent better odds for a cyber attack. Even if many of them are able to protect their PII after a breach is discovered, the odds of capturing at least some employees’ personal data are still high.
Employee benefit planning is often handled by the third-party provider. And even when these plans are managed internally, the business may be using software that’s vulnerable to attack. For convenience, the employee plan programs are designed to be accessible to more than one agency or company, and by using different platforms.
Yet the same technology that makes the software so easy for multiple parties to access is also what can make it more vulnerable to cyber attack.
Unfortunately, pension planners, insurance companies and other partner providers still rely on “old school” tech to stop hackers. While anti-virus software might be helpful to stop non-corporate cyber attacks, it’s not always up to the task of more sophisticated hackers.
Also, federal regulations don’t consider employee benefits information as sensitive as personal health records. For that reason, regulations aren’t as strong on the pension side of benefits as they are on the medical records aspect.
The threat to employee benefit plans information is ever-growing. But the good news is that business leaders can put several safeguards in place, protecting that information on several fronts.
If you use an outside provider to oversee your employee benefits programs, it’s essential to carefully examine what safeguards those partner providers have in place to protect the information they handle. If your own staff is handling the benefits program, it’s essential that they receive the most advanced and up-to-date training available. Even staffers proficient in software and administrative safeguards may not be aware of the latest viruses and scams by which hackers may gain entry.
Perhaps most crucially, you’ll need to set up a chain of command and strict protocol about how all information is handled. From your own IT specialists and human resources administrators to outside benefit plan providers, access should be limited to the scope of that department’s work. The more sensitive the information is, the fewer people should have access to it.
Hiring a reputable firm of cybersecurity experts will immediately put technological safeguards in place to protect employee PII. These experts can also train business leaders and relevant staffers about how to administer their employee benefits plans accounts safely — and how to select third-party benefit program providers that also put cybersecurity first.
Curious to learn more? Contact your Atlanta managed IT service provider today!
40% of businesses will incorporate the anywhere operations model to accommodate the physical and digital experiences of both customers and employees (Techvera).
The three sectors with the biggest spending on cybersecurity are banking, manufacturing, and the central/federal government, accounting for 30% of overall spending (IDC).
It takes an average of 287 days for security teams to identify and contain a data breach, according to the “Cost of a Data Breach 2021” report released by IBM and Ponemon Institute.
More than 33 billion records will be stolen by cybercriminals by 2023, an increase of 175% from 2018.
Forty-three percent of attacks are aimed at SMBs, but only 14% are prepared to defend themselves (Accenture).
The cost of cybercrime is predicted to hit $10.5 trillion by 2025, according to the latest version of the Cisco/Cybersecurity Ventures “2022 Cybersecurity Almanac.”.
The average cost of a data breach in the United States is $8.64 million, which is the highest in the world, while the most expensive sector for data breach costs is the healthcare industry, with an average of $7.13 million (IBM).
The internal team was energized. With the Level 1 work off its plate, the team turned its attention to the work that fueled company growth and gave them job satisfaction.
We did a proof of concept that met every requirement that our customer might have. In fact, we saw a substantial improvement.
We did everything that we needed to do, financially speaking. We got our invoices out to customers, we deposited checks, all the things we needed to do to keep our business running, and our customers had no idea about the tragedy. It didn’t impact them at all.
“We believe our success is due to the strength of our team, the breadth of our services, our flexibility in responding to clients, and our focus on strategic support.”