In the past few years, cyber hackers have become vastly more sophisticated, both at infiltrating systems and at eluding detection; however, employee cybersecurity training hasn’t evolved to keep up with hackers’ increased savvy: while 84 percent of organizations experience staff-related security incidents, 60 percent of businesses admit their employees have no knowledge of security risks.
Wherever technology is involved, information security can’t be far behind. While we lean on technology to help streamline Annual Enrollment and benefits administration, and make the user experience more positive and personalized, we can’t ignore that technology also opens the door to personal data getting into the hands of the wrong people.
Security might not be a popular topic around the office, but it is an important one—especially if you’re in the benefits industry. By nature, the PHI that is handled—from Social Security numbers to medical information—makes HR and healthcare extremely attractive targets for cyber hackers. Handling this sensitive data means HR administrators need to ensure they’re making data security a priority within their organization. It’s HR’s job to protect your people – that includes protecting their most personal information.
Pop Quiz: What is looming right now, today, as the largest security threat to every piece of employee and HR data your company has stored in the cloud?
With all of the hand-wringing and media attention surrounding data breaches in the past year or two, you’d think that the number of breaches would be dropping dramatically. Unfortunately, that’s an erroneous assumption.
While listening to NPR (National Public Radio) recently, we couldn’t help but notice that of the brief descriptions of the program’s three corporate supporters, two referred to doing business in the cloud and to data security:
“Support for NPR comes from ... AT&T. With AT&T, the network is on demand, the office is mobile and the cloud is designed for high security. ... And Carbonite — providing secure and automatic backup and recovery for businesses and homes.”
Last week we kicked off Security Awareness Month at Businessolver by encouraging some serious hacking. We cheered on our VP of IT Systems, Tom Pohl, as he headed to Las Vegas to compete at the 23rd annualin the Network Forensics Puzzle Contest. Out of four years of competing as an individual, against teams, Tom has consistently placed in the top four each year. We are delighted to announce that this year, he did it again, taking an impressive 2nd place!
With the headlines filled to the brim with recent data breaches, it might be hard to flip the switch and view hacking as a good thing. But we’ve found hacking—and good hacking, at that—to be one of our most prized secret weapons when it comes to data security.
Let’s face it. IT-speak does not come naturally to most HR leaders. It’s not necessarily what you’re trained in. Who really knows what “encrypted at rest” means, anyway? And why does it matter?
As HR leaders are increasingly asked to dive into the murky waters of cloud technology and data security, and to discuss what they find with their IT people and the C-suite, a quick refresh on technical terms can go a long way. Here are 8 technical terms that HR should know to help bridge the gap when discussing HR technology security and risk.
A private health care exchange involves the sharing of multiple data points, and technology platform security should be of utmost importance to companies that are utilizing, or considering, a private exchange. Ryan Keehn, Businessolver’s Assistant VP Information Technology, was recently interviewed by Brian Kalish, online managing editor for Employee Benefit Adviser, in a podcast tackling private exchange security. Ryan brought up five specific points that you should be discussing with your potential (and current) exchange providers to ensure that your data is secure.
By now you’ve no doubt heard about Anthem’s data breach last Wednesday that compromised the personal information of 80 million customers and employees. The information included Social Security numbers, names, employment information, addresses, phone numbers, email addresses, dates of birth and member IDs. According to the Identity Theft Resource Center, medical and healthcare breaches accounted for more than 42% of data breaches in 2014. If this stat makes you shiver, that’s good—because it should. Cyber security and data breaches are a real threat and events like these are a fierce reminder to treat them as such.
In light of the recent event, we want to take a moment to reiterate our security practices and steps we are taking to help stop these types of events at Businessolver.
Cyber risk and data breaches have quickly moved from the occasional occurrence of a small shop or government institution that didn’t appropriately protect their information, to the normal topic of conversation when referencing well-known household names. In reading a recent article by Alan Lyons in the New York Law Journal, “Finding the Right Level of Cyber Insurance Protection,” there was reference to how businesses today may still leverage more “traditional” types of insurance policies (like commercial general liability, commercial property, and employee dishonesty) and expect them to pick up the bulk of the costs in the event that they have a security breach. The reality of the situation is that things have changed: cyber liability is a real risk that has to be separately accounted for by an organization.
No matter your position on Sony's capitulation to the threats of cyber hackers, it is clear we now have a new paradigm in cyber security.
It was only a few weeks ago I was having a conversation with a friend. We were discussing the risk – a risk inherent in the business of benefit administration – that comes with our responsibility for managing private, personal and health information about the individuals who use our systems to select their benefits. You may or may not be surprised to hear that there is now an open market for this information and that its value varies – as does any commodity – with supply and demand. A very interesting article, here, regarding the drop in value of credit card information immediately following the Home Depot attack, highlights the sophistication of the people who seek this data.
But this is small potatoes.
How would you like to explain a $34 million data breach to your boss?
Chances are, you'd rather endure a tooth extraction than experience that conversation. But someone at Home Depot is doing just that. Home Depot is joining the ever-growing list of this year’s data breaches, putting the information on more than 56 million payment cards at risk and taking its place next to the other big-name breaches of the year.
Whether an employer is managing data on premise or hosting data in the cloud, there is a lot of value in the data that is used to manage employee healthcare.
We've said it before and we'll say it again:
You can't afford not to invest in security awareness today.
Today, an attack discovered on Healthcare.gov emphasizes the very core of that lesson. Security starts with awareness.
You can't afford not to invest in security awareness today. And you can't afford business partners that aren't focused on protecting your sensitive benefits data.
Everywhere you turn these days, it seems that another major retailer is highlighted in the media for a catastrophic data breach – think Target, eBay, and Michaels. But it doesn’t stop with major retailers. Plenty of healthcare and major insurance organizations have faced the same fate.
Recent breaches in data, like the one experienced by Target Corporation, highlight the need for cyber security now more than ever as more transactions take place electronically and cyber criminals continue to find ways to stay ahead of network security. When personal data is compromised, victims feel violated and helpless.