“Any business large enough to offer retirement benefits can be considered a target with financial information worth stealing, especially as attackers know that employers and plan sponsors are usually not required to have sophisticated cybersecurity measures in place, and are new vectors of vulnerability.”

Offering a 401(k) Could Leave Your Organization More Vulnerable to Cybercrime
-Stel Valavanis

It’s no surprise to those in the financial services industry that they are required and expected to have a certain layer of cybersecurity. The information they work with on a daily basis can easily be used for cybercrime, should it fall into the wrong hands, and so financial institutions protect their data against hackers and cybercrime. What may be a surprise, however, is the threshold for what could rightfully be considered a financial institution. Any business large enough to offer retirement benefits can be considered a target with financial information worth stealing, especially as attackers know that employers and plan sponsors are usually not required to have sophisticated cybersecurity measures in place, and are new vectors of vulnerability. Organizations that have not planned for high-level cybersecurity attacks, not seeing themselves as potential victims, are frequent targets of experienced hacking groups. Organizations that are involved with 401(k), either as employer or plan sponsor, should consider that the data they retain may require the kind of security measures that self-identified financial institutions consider part of their daily operations. [Read more…]