Ensuring your annual open enrollment process goes smoothly is hard. Whether you’re the Human Resources representative at the helm, or the strategic advisor tailoring valuable benefits for your clients, the process can be daunting.
No doubt, you’ll have a captive audience in your employees who are eager to learn what the new plan year has in store for them, but you may also attract some uninvited participants. Cybercriminals, identity thieves and hackers will also want to join in. And they’re willing to take drastic measures to infiltrate this data-rich process.
Data Breach Risks Spike During Open Enrollment
A data breach is the unauthorized access of sensitive or confidential information. Much of the data stolen by criminals in a breach is used to perpetrate identity theft against businesses or individuals.
According to the Identity Theft Resource Center, data breaches exposed 169 million records in 2015. While that’s in line with historic trends, 2016 has brought some unexpected twists in terms of data exposure. In the last seven months alone, more than 624 million social media account credentials have appeared for sale on the dark web.
An open enrollment process means the coordination and transfer of huge volumes of sensitive information between companies, their employees and suppliers. Health insurance information is among the most targeted of data points. On average, medical records sell for $20 on the black market, a significant jump from the mere $4 value of Visa or MasterCard data.
This high price stems from the plethora of opportunities hackers have to exploit insurance data — from receiving medical treatment or prescription drugs in the victim’s name, to redirecting mail using the victim’s address or opening new lines of credit with their Social Security number.
So maintaining security during open enrollment should be paramount.
Keep in mind, insurance applications aren’t the only coveted records associated with open enrollment. Data-saturated employment records and other business documents are also a jackpot for identity thieves.
What Does This Mean for Benefits Professionals?
Data security during open enrollment is not solely under the jurisdiction of your IT department. Human resources and benefits professionals are also responsible for securing the huge amounts of data received during open enrollment.
According to BakerHostetler, one in four data breaches is the result of an employee action or mistake. This includes improper use or disposal of sensitive documents. Additionally, 31 percent of breaches were caused by phishing, hacking or malware. These methods are usually successful due to an employee unknowingly providing criminals with an access point, like leaving a computer unlocked or clicking on a phishing email. And since IBM reports the average cost of a single breached record is $158, it’s a burden few organizations can afford.
It’s up to human resources and benefits professionals to address the weakest link by encouraging employees to keep data security top of mind — all year long.
Build Robust Data Barriers
Mitigate data breach risks during open enrollment with these five proactive data security measures.
1. Encourage your team to exemplify security protocols
Work closely with IT to understand your risks and how to appropriately address them. Then, take the lead in creating a more security-conscious work environment. Whether you encourage your team to remain vigilant against cyber threats or leverage your role as a trusted advisor to instill safe data practices among clients, cybersecurity is an around-the-clock job that requires all hands on deck.
2. Clearly communicate the enrollment processes
Ensure all enrollment materials are sent in a clear and secure manner. Clearly map out the enrollment process so employees can anticipate requirements and better detect enrollment-focused phishing scams.
3. Ensure defenses are in place
Just because the cyber world is grabbing headlines doesn’t mean old-fashioned data exposure is a thing of the past. Maintain security with appropriate physical safeguards: restrict access to enrollment documents, shred sensitive documents and enforce a clean desk policy. For cybersecurity, work with IT to ensure anti-virus software is up to date and all applications are regularly patched; outline and relay expected employee conduct online (including search, download and social media restrictions); and secure Wi-Fi networks.
4. Create an anonymous fraud hotline
Not all threats come from the shadows. Often they’re right under your nose. Insider theft is one of the primary methods of stealing data. And tips are the leading detection method of occupational fraud, accounting for 39 percent of all cases, according to the ACFE. Create an anonymous tip hotline and encourage employees to call if they suspect fraud.
5. Develop a data breach response plan
Plan for the worst. A breach response plan is the second most effective way to reduce breach-related costs. Your plan should include appropriate contacts (law enforcement, insurance companies and consumer protection agencies), IT procedures and announcement/post-breach material for impacted individuals. Ensure a dedicated phone number and website are created to help answer breach-related questions.
These defenses are effective and, best of all, your employees won’t fight their adoption. Considering that there’s a new identity theft victim every 30 seconds, consumers are well acquainted with the aftermath of poor data security. Employees are typically willing to take measures to ensure their workplace does not become yet another source fueling the growth of identity crimes.