17414_Authority_April_2024

municipalauthorities.org | 29 Cybercrime and Employee Benefit Plans By Clyde Villa, GBDS, Territory Manager, National Insurance Services Every day, news headlines are filled with stories of data breaches and cyberattacks. Unfortunately, even employee benefits plans are not immune to these threats. In fact, they are especially vulnerable. With organizations and benefits providers relying heavily on electronic access, new vulnerabilities are constantly being created. In 2022, cybercrime caused $6 trillion dollars 1 in damages. Cyberthreats include phishing, ransomware, and malware attacks. Risks Retirement, savings, health plans, and any other type of employee benefit plan is vulnerable to hackers. These types of plans can be exposed to privacy, security, and fraud risks. They are at risk due to: ¾ Personal identifiable information including Social Security numbers, email addresses, and birth dates. Since this information is permanently associated to an individual, it can be misused over a long period of time. ¾ Financial information including direct deposit information, compensation, enrollment data, and account balances. These accounts can be targeted to request loans, withdrawals, and distributions. ¾ Many benefit plans are connected to other service providers or vendors. This includes those that offer vision, dental, health insurance, retirement plans, and more. Consequences When a cyberattack occurs, there are consequences for all parties involved. Consider the following: ¾ Significant expenses may be involved in detecting the extent of the breach, conducting investigations, managing incident responses, recovering compromised data, and restoring the integrity of the entire system. ¾ Monetary losses may occur to participants, the plan, or service providers if personally identifiable information is stolen. ¾ If a security breach occurs, organizations may face operational disruption and damage to their reputation. Both may require additional costs to fix. ¾ Penalties or fines may occur if health plan information is released, and it violates federal laws Mitigate Risks Employees working remote must understand cyber threats and how to protect sensitive organization and employee information. To mitigate risks, consider the following measures: ¾ To protect and control data, it's important to properly monitor and maintain up-to- date technology. Vulnerabilities can be determined by conducting a gap analysis, penetration testing, or other assessments. ¾ Educate employees on how to handle personal data. Discuss things like passwords, locking computers, and opening questionable emails or attachments. 1 dataprot.net/statistics/cybercrime-statistics/