The world has always been a risky place, perhaps more so in 2020 than at any time in recent memory.
The Coronavirus has turned everyday tasks such as shopping, pumping gas or visiting friends and family into risky adventures. The need for social distancing has also fueled online sales of everything from steaks and shoes to cars and couches. More financial transactions are taking place online than ever.
But rocketing Internet activity has created new risks as cybersecurity threats multiply. It’s become increasingly important to work with other companies that take cybersecurity seriously, especially when it comes to protecting your digital assets and, in the case of your firm’s retirement plan, your employees’ financial security.
No company can provide an ironclad guarantee against cyber threats. So how do you evaluate whether a firm is keeping its guard up and locking its doors to cyber threats? How can you cover your assets in a world where criminals have traded masks and guns for laptops and routers?
It’s helpful for employers that sponsor retirement plans and benefits for employees to keep abreast of best practices for cybersecurity. Most retirement plan and benefits providers have created policies and procedures to protect their data and yours. Reviewing their policies and procedures is a good starting point. Start with some pointed questions:
Has your retirement plan provider created a Retirement Account Protection Policy? Everyone who works for your retirement plan provider should be held responsible and accountable for the information they handle. All employees should receive regular, extensive training about data privacy and cybersecurity risks. Training should include how cyberattacks happen, how they can be prevented and the consequences of one occurring.
Does your provider conduct random testing of its employees through many different behavioral exercises to raise awareness on items such as phishing? Regular testing can help employees remain vigilant to cyber threats, becoming wiser in the ways of web-based criminals. Monitoring test results can also help a provider better understand its cyber strengths and weaknesses, and continue to fortify its defenses as those threats morph over time.
Aside from training, has your provider built a cybersecurity infrastructure to guard against risks and protect your data? A security infrastructure should include teams proficient in threat intelligence, ethical hacking, digital forensics, fraud prevention and a fast-acting incident response.
Does your provider monitor cyber threats? The most vigilant firms maintain a threat intelligence team to closely monitor threats in the world of the dark web, where criminals publish and sell personal data obtained through cyber incidents. For example, MassMutual’s Threat Intelligence team knew about the Equifax breach before it was made public because we saw people trying to sell the information on the dark web. This heightened our security level.
A threat intelligence team should monitor a provider’s network 24/7 to identify bad actors and groups pinging its network, web applications and other public-facing digital assets. A provider should also closely monitor its executives and other high-risk associates.
Does your provider employ “ethical hacking”? Ethical hacking sounds like an oxymoron, like jumbo shrimp or deafening silence. However, an ethical hacking team consists of highly skilled individuals whose sole role is to use the latest techniques and technologies to identify vulnerabilities in a provider’s digital security so any weaknesses can be corrected before criminals exploit them.
Who is minding the store? One of the biggest risks to cybersecurity is internal behavior. A digital forensics team focuses on a provider’s employees and physical data security. These teams are responsible for detecting threats from insiders by monitoring activity against role-based profiles, looking for anomalies in printing, data usage, website browsing and physical entrance into the facility. Regularly reviewing data practices can help defuse any risks before they turn into an incident.
Does your provider have dedicated teams focused on keeping your assets safe to prevent, detect and respond to fraudulent activity? Fraud prevention and detection is a requirement for doing business in today’s world. There are several areas of focus for fraud prevention teams, including fraud awareness training for client-facing employees and field associates; communications and monitoring on existing and potential fraud situations; monitoring and analytics of client accounts to identify potential fraud; telephone call monitoring with specialized software; suspicious activity review and investigation; authentication of callers and online users; controls for disbursement of funds; and industry knowledge sharing.
What happens when stuff happens? Sometimes, no matter how vigilant a company is in preventing data breaches, stuff happens. That’s when an incident response team is called. These teams are responsible for maintaining and practicing an incident response plan, so your provider can react quickly if a data breach occurs. This team also provides management and oversight of all cyber events and data security incidents.
Your provider should also share information and best practices with industry groups, conduct independent risk assessments and monitor third-party vendors to ensure their security does not introduce vulnerability to customer data.
Share Your Questions and Concerns
Cybersecurity is constantly evolving, so it’s helpful to have a resource you can depend upon to protect your digital assets. MassMutual’s relationship managers and client engagement managers are always available to discuss cybersecurity and can provide more in-depth information about how we protect data. There are some activities and protections that we do not publish, and our capabilities are continually evolving as cyber criminals attempt new ways of stealing data.
The Coronavirus pandemic has accelerated the use of the web as a sales, delivery and financial management tool. Many of those changes are here to stay and will only continue to revolutionize how Americans conduct business.
Cyber criminals are seeing new opportunities to commit fraud. That makes cybersecurity more important than ever and creates a shared responsibility to protect data. MassMutual is here to answer any questions you have about cybersecurity, partner with your data protection professionals, and cover your assets.