With cybercrime front and center in the news again thanks to the ransomware attack that closed Baltimore County’s public schools, it’s a good time to take a new look at the risks and how to mitigate them.
While many organizations focus their attention on their operational data – and rightly so – there’s another very ripe target for cybercriminals, and that’s your benefits plan. Your health, savings and retirement plans may be even more attractive targets than your company data, because they contain personally identifiable information (PII) like Social Security numbers, birth dates and email addresses, not to mention financial data including account balances and direct deposit details.
Further, the fact that most company plans are connected to several outside service providers creates multiple points of entry for hackers. Add to all that the work-from-home (WFH) environment brought about by the pandemic, with employees connecting remotely and perhaps even using personal devices to access company networks, and you have a recipe for disaster.
And those disasters are costly: Beyond the IT-related costs of recovering compromised data and restoring system integrity, there may be monetary losses to plan participants, reputational damage to the company and even fines at the federal level resulting from the breach of medical information. In short, it’s much less expensive to prevent an attack than to recover from one.
What to do? Here are four suggestions:
Technology: The days of installing a virus scanner on each workstation and hoping for the best are long gone. Businesses of any size need multifaceted security solutions, and those solutions should be reviewed regularly with your IT services provider.
Education: The majority of successful cyberattacks begin with an employee clicking on a malicious link or attachment in an email. Others happen when devices are stolen and used to access company networks. All your employees, and especially those with access to sensitive information, need to be trained on recognizing phishing attempts and securing their devices, at the very least.
Review: Older agreements may not be appropriate for preventing and mitigating modern cyberattacks. If you connect remotely to vendors, or vice versa, review those agreements carefully to determine what measures are being taken to prevent breaches, and who bears the responsibility if one occurs. If you have a WFH policy for employees, make sure it’s updated with appropriate cybersecurity clauses.
Insure: Like any other criminals, hackers will tend to seek out the easiest and most weakly defended targets. But the truth is that determined cybercriminals may be able to find a way to breach your network even if you take every possible precaution. You must have adequate first-party and third-party cyber liability coverage, and, like everything else here, it should be reviewed at least annually to make certain you’re fully protected.
According to the University of Maryland, a new cyberattack happens every 39 seconds. These prevention and mitigation measures will help to make sure the next one doesn’t happen to your organization.
Questions about benefits plans or cyber liability? Contact Consolidated Insurance.