Articles — May 12, 2021
Staying One Step Ahead: Protecting Your Organization in a Post-Pandemic Era
If you’ve been more concerned about cybersecurity lately, you’re not alone.
As part of a recent study bswift commissioned with Forrester Consulting, we surveyed employers on their needs and priorities in a post-pandemic world. When asked about cybersecurity, 82% of employers agreed that with the rise of remote work, they are more focused on data security. Plus, 70% of employers surveyed reported their new remote work policy will be a permanent change for the future, so this hyper-focus on data security is likely here to stay long-term.*
The security of any organization depends on two areas:
- Internal cybersecurity practices, and
- The cybersecurity measures of third-party providers you partner with, especially benefits administration providers and any others managing employee PHI or other sensitive data
Our team has a few tips to help you proactively protect your organization on both fronts.
Assessing and revamping your internal cybersecurity practices
The rise of remote work has changed how cyberattacks occur and how businesses can protect themselves. In fact, nearly half of global businesses have encountered a cybersecurity scare since shifting to a remote model. If remote work is a part of your current or future plan, consider these guidelines to help your organization stay ahead of potential threats:
- Take key security measures: These may include performing regular organization-wide password updates, implementing multifactor authentication, installing operating system updates, regularly updating applications, and encouraging employees to use private Wi-Fi networks when possible.
- Keep your organization in sync: In our survey, we found that 82% of HR teams have had to strengthen ties with their technology teams to deliver a better employee experience.* Having your technology and security teams work closely with your HR department can be especially helpful in educating your workforce around cybersecurity.
- Provide ongoing education: Require completion of ongoing cybersecurity training modules to keep security top of mind for your workforce and ensure they’re up to date on your latest practices. Be sure to provide additional resources to employees should they need more information or require any clarification.
- Avoid cybersecurity jargon: Most of your employee population is likely unfamiliar with technical cybersecurity terms and phrases. When communicating remote work security guidelines and policies, keep messages simple and brief to reduce any confusion and better ensure adherence.
- Review and update policies: In today’s ever-changing environment, your cybersecurity policies should be reviewed and updated on a regular basis by your organization’s IT and security experts.
Connecting with your providers about cybersecurity
Whether you have an existing benefits administration provider or are considering a new one, it’s crucial to proactively talk to them about their cybersecurity measures and practices. With your employees’ data and PHI in their hands, any cybersecurity threat to the provider can potentially become a serious threat to your own organization and workforce. Here are a few areas we suggest you discuss with them:
- Frequency of evaluation: Check in about the frequency with which they evaluate their cybersecurity strength. With the accelerated pace of digital transformation we are experiencing today, the provider should be evaluating their cybersecurity measures and risks on a frequent and consistent basis.
- Evaluation methods: Learn more about the methods the provider uses to evaluate their cybersecurity strength. In addition to constantly measuring and evaluating internally, ask if they also use a reliable independent third party for regular security evaluations and reporting. If so, learn more about the third party to understand their reporting criteria and methodology.
- Application security: A secure provider proactively considers potential threats and has a plan in place should they occur. To evaluate a provider’s strength in this area, ask about their application security level, which measures the likelihood of a web application breach and checks for defacement code. If the provider works with an independent security evaluation vendor, they will usually include this area as part of their overall assessment.
- Investment in cybersecurity: For any technology provider, cybersecurity should always be a top priority. A key indicator of this is a solid financial and personnel investment into data security. Learn more about this from the provider and compare what they share with industry standards.
- Continuous improvement: As the provider continuously makes updates to their benefits administration platform, their cybersecurity measures should be updated and strengthened in tandem. When it comes to cybersecurity, your provider should constantly be evolving.
Learn more about George Dart on LinkedIn! Visit our Insights page for more resources.
* A commissioned study conducted by Forrester Consulting on behalf of bswift, March 2021