Articles — Sep 18, 2018
Data Security and Benefits Technology: Top 3 Things Employers Should Look For
We’ve all seen the results of major security breaches in the national news. Whether it was Equifax, Facebook, or your favorite retail store, consumers are becoming increasingly aware each day of the potential of a company they trust being unable to protect their personal information. All things considered, it’s safe to say that security is one of the most important aspects of any successful company.
So when you’re evaluating a benefits administration provider, how can you effectively assess their ability to keep your employee data secure?
Here are the key questions you need to consider.
How does the provider evaluate the strength of their security?
First, take the time to understand the standards the provider holds themselves to. In other words: when they make any claim about the strength of their security, what criteria is this based upon? A reliable provider should be able to outline this in detail for you.
Equally as important, how frequently does the provider assess the strength of their system’s security? Any provider that claims to have strong security measures in place should be evaluating their system on both a frequent and consistent basis. As they continue to update and build out their platform, their security measures should evolve and mature, too.
Finally, what method does the provider use to evaluate their security: internal assessments or assessments done by a reputable third-party? bswift’s parent company, Aetna, defines the fundamental principles and proper controls needed to ensure compliance with regulations, as well as offers self-governance solutions to keep bswift and Aetna data secure at all times. In addition, we also look to third-party security risk assessment company, SecurityScorecard, to regularly evaluate the security of our platform against ten cybersecurity areas.
A dependable provider should use both internal and external methods as a part of their security assessment efforts. Consider it a red flag if the security information and statistics a provider reports out are solely based on internal assessments and evaluations.
Is data security the provider’s highest priority?
One concrete indicator of this is the amount the provider invests into data security. For example, bswift’s data center and security services leverage Aetna’s Phoenix Data Solutions (PDS), an Aetna affiliate. With security top of mind for both bswift and Aetna, Aetna’s infrastructure and security organization has a combined annual budget of $800M and 1,300 personnel resources, leveraged across Aetna and its affiliates. Request this information from the provider you are evaluating and be sure to assess what they report back against industry standards and best practices.
Has the provider prepared for the worst?
No technology provider likes the thought of data and security breaches. But a truly secure and reliable provider has taken the time and effort to consider all possible threats and developed a plan of action to manage each, should they happen to strike.
One way to assess this is by evaluating a provider’s application security level, which refers to the likelihood of an upcoming web application breach and checks for any existing defacement code. In a recent security evaluation by SecurityScorecard, bswift scored an 84 out of 100 in Application Level Security, a subcategory in which other benefits administration providers did not score higher than 72, with one provider even failing the measure. This is a serious reminder to take a deep dive into how thoroughly a provider has prepared their technology and team for the worst.
Placing a premium on data security
At bswift, we continue to make data and information security our highest priority. According to SecurityScorecard’s most recent report, bswift scored highest of all benefits administration providers evaluated and was 5.5 times less likely to experience a security event in comparison to other providers.
No one thinks a security breach can happen to them until they suddenly find themselves the victim of one. So when it comes to selecting your benefits administration provider, data and information security is one thing you should never compromise on. Take the time to carefully understand the security criteria you should evaluate against, keep your standards high, and find that provider who is committed to exceeding them. At the end of the day, your employees are counting on you to keep their personal data safe, and you want to maintain your reputation as an organization that will go above and beyond to do just that.