The main purpose of theft and robbery is to take prime assets away to make money or become rich. In today’s world, data thieves operate on the same principle – they take personal and financial data in exchange for money or recognition. Data is the main asset of consumers today. The retail industry is a target for payment card data, and the finance industry for financial assets and investment data. Even the media industry is not spared: episodes of prime-time shows like HBO's Game of Thrones were hacked and leaked. The recent Equifax data breach shows that personal data can be as valuable as any financial asset.
Take the example of UFCW Local 655 Food Employers Joint Pension Plan – it suffered a ransomware attack late last year, which shows that the retirement industry can be a target too. There sure is a lot of data for hackers to benefit from! A ransomware attack is a type of hacking or cyber security threat in which hackers gain unauthorized access to a victim’s information systems and encrypt the data, preventing the owner of the information from accessing it. Unless the victim pays a sum of money as ransom, or bitcoins worth $2000 in the case of UFCW Local 655, the encrypted data is not released.
In this particular case, the data at risk was the dates of birth of individual members, their social security numbers and bank account information, all of which are part of any retirement or 401(k) plan. There is also a wide range of service providers that render various types of services to retirement agencies – auditors, actuaries, investment managers, law firms, accountants, and brokers, to name a few. These stakeholders have access to all the personal member information and disclose it at various levels while servicing the retirement industry. Do these organizations have sufficient safeguards in place to keep the data safe? What is the retirement industry doing in terms of effective practices and data encryption?
Pension agencies can definitely take some proactive steps to keep their member data safe from hacking and ransomware. In our experience, here are some best practices we discuss and implement for our clients.
At the recently concluded National Council on Teacher Retirement (NCTR) conference in Arizona, one of the panel discussions covered exactly this: the current and future state of cybersecurity and ransomware in the pension industry. Diann Clift from Sagitec, an expert in the public pension industry, moderated the session with three other veterans of the industry. The discussion led to insights from the experts on the current state of affairs and ideas to protect data from hacking and ransomware.
Here are some salient points discussed by the panel.
We are glad to consult and talk to agencies who might be interested in knowing more about trends and best practices in cybersecurity today. Please do reach out in the comments section below and we will get back to you with answers.