Is Your Cybersecurity Plan Ready for Coronavirus?

Coronavirus could be a trial by fire for financial firms' cyber defenses. (Photo: Dimitri Karastelev, Unsplash)

Companies across the financial ecosystem are shifting employees to telecommuting to slow the spread of coronavirus among their staff and customer base. This could be a trial by fire for firms that haven’t proactively stepped up cybersecurity programs.

[Related: Coronavirus Concerns For 401k Plan Sponsors]

Bad actors are already using COVID-19 fears to prey on victims, using virus-themed messages in phishing and malware attacks. The World Health Organization warned in February that criminals are using its identity to steal money and sensitive information from victims.

Large firms, in particular, may find their VPNs can’t handle the increased capacity if their entire workforce is suddenly working from home. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency urges firms to test “VPN limitations to prepare for mass usage and, if possible, implement modifications—such as rate limiting—to prioritize users that will require higher bandwidths.”

Securing data is a top concern for 80% of retirement plan specialists, who rate it the single most important factor when evaluating recordkeepers, according to the latest report from Cerulli. Meanwhile, recordkeepers and third-party administrators cite data security as a significant expense.

“In a digital age, these firms essentially double as technology companies, with plan sponsors and their consultants/advisors closely scrutinizing security procedures and policies,” Anastasia Krymkowski, ASA, associate director at Cerulli, said in a statement. “It is critical for providers to maintain accurate data representing participants’ transactions while safeguarding their assets and confidential information.”

Cerulli found that improvements to existing platforms put firms in position to offer more personalized advice to participants, increase in-plan income and even take some things off recordkeepers’ plates.

Krymkowski pointed to responsive design and mobile apps, aggregating account information, and implementing single sign-on across platforms as key areas where firms can improve operational efficiency.

“It [technology] has the potential to standardize recommendations, combat human biases and, at the very least, alleviate some of the more time-intensive, computational aspects of portfolio management and financial planning,” she noted.

With those investments in technology come a need for enhanced cybersecurity measures. Firms with more comprehensive wellness programs may have access to new kinds of sensitive data, including health information, work productivity or relationship status.

“Cerulli urges providers administering such programs to take additional precautions when it comes to data security and ensure the appropriate treatment of Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA).”

Exit mobile version