Cyberthieves are capturing names, dates of birth, Social Security numbers, bank information, and passwords, and then selling the information on the Dark Web. Because they hold so much of this private personal information, retirement plans and health plans are great targets for these criminals. It is more important than ever for the Payroll and HR professionals who manage these plans, along with their IT staff, to take all the steps possible to keep data safe.
Start by evaluating the system you already have in place. What risks are you exposed to? Do you need to create a wall to block cyberattacks? You may need to install third-party software to monitor for attacks and send you alerts if anything is detected, or even contract with an expert to strengthen your firewalls and other defenses. This may mean you have to get buy-in from your C-suite, but it shouldn't be too hard to convince them that this is a real threat.
What To Do:
- Make sure your third-party vendors who send transactions into your system are also practicing healthy security habits.
- Back up your data and keep copies stored someplace other than your main system.
- Enforce strong passwords.
- Safe, secure disposal of personal, private information is a must – shred papers, or erase magnetic media.
- NEVER publish Social Security numbers.
In Case of a Breach
If you do suffer a breach of health insurance information, HIPAA requires that you notify your covered employees within 60 days, and also notify the Office for Civil Rights within 60 days if the breach affected at least 500 individuals. And of course, immediately fix the problem that allowed the breach. Lastly, report the incident to law enforcement, but protect the personal and private information.
Look to your state laws for what to do if you suffer a breach of pension plan information.
Remember, there is no such thing as being too prepared against a cyberattack.