Public retirement systems span a lifetime of support for their members. From the first day of public employment through leaving the workforce and retirement, these relationships can last up to 70+ years. During this journey, the nature of security has changed significantly.
Twenty years ago, it was a common sight to walk into an office and see yellow Post-it notes affixed to every monitor (or at least under the keyboard) with that user’s password written out. And those passwords would often just be the word “password” or a simple numerical sequence.
Times have changed. Today we live in a world of two-factor authentication and password rules: an eight-character minimum, one upper-case and one lower-case letter, at least one special character, and at least one number. Oh, and you may not reuse any previous password, and your password may not contain your username. Even with all the layers of security on top of password requirements, data still gets hacked.
It’s perhaps unsurprising, therefore, to discover that only 36 percent of US citizens are confident in the ability of the government and its agencies to protect the privacy and security of their data. If most people don’t trust the government to protect their data, it’s likely that they’ll have similar misgivings about their retirement system provider. And when you think about the nature and richness of the data that pension systems hold about their members, it’s easy to see why they are a very attractive target for hackers. Personally identifiable information that includes extensive financial records checks a number of boxes for cybercriminals. It’s highly prized on the black market.
As pension systems increasingly move to digital and online services, they become more and more attractive to hackers. When members’ information was kept as paper records – or even in standalone systems – it had limited appeal to criminals. The risk-reward equation of stealing it simply didn’t stack up. But now a hacker could gain access to a system, download a lot of information at one time and sell it easily, all from the comfort of their couch. That is a game changer.
The key point retirement systems must take from this is that hacks are not something that happens only to others. Pension data is as attractive and valuable a target as someone’s credit card number, so retirement systems need to respond with a new approach that recognizes and reacts to the threats they face. It’s not simply an issue for IT to deal with. This is an enterprise-wide challenge and needs to be addressed as the business-critical issue it is.
To help retirement systems get started, we’ve developed a security retirement framework, including a six-point plan outlining the fundamentals of new thinking and actions to protect workers’ and retirees’ sensitive data. With hackers getting more sophisticated all the time, every organization must operate on the assumption that it will be attacked at some point – it’s a question of “when”, not “if”. Being as well prepared as possible is the best defense.
What does data security mean for your organization?