Offering a 401(k) Could Leave Your Organization More Vulnerable to Cybercrime
“Any business large enough to offer retirement benefits can be considered a target with financial information worth stealing, especially as attackers know that employers and plan sponsors are usually not required to have sophisticated cybersecurity measures in place, and are new vectors of vulnerability.”
Offering a 401(k) Could Leave Your Organization More Vulnerable to Cybercrime
-Stel Valavanis
It’s no surprise to those in the financial services industry that they are required and expected to have a certain layer of cybersecurity. The information they work with on a daily basis can easily be used for cybercrime, should it fall into the wrong hands, and so financial institutions protect their data against hackers and cybercrime. What may be a surprise, however, is the threshold for what could rightfully be considered a financial institution. Any business large enough to offer retirement benefits can be considered a target with financial information worth stealing, especially as attackers know that employers and plan sponsors are usually not required to have sophisticated cybersecurity measures in place, and are new vectors of vulnerability. Organizations that have not planned for high-level cybersecurity attacks, not seeing themselves as potential victims, are frequent targets of experienced hacking groups. Organizations that are involved with 401(k), either as employer or plan sponsor, should consider that the data they retain may require the kind of security measures that self-identified financial institutions consider part of their daily operations. [Read more…]
Cloud Vendor Breach Harms Philanthropists
“Data privacy laws may differ across the country and across industry, but as far as liability is concerned, there is a consensus: your organization is responsible for private data it holds and is liable for any breach of that data’s security, regardless of whether it was the result of failure by third party vendor or outsourced party.”
How to Assess Third-Party Vendor Risk: Cyber Security Guest Blog
Metrics drive the measure of progress and stand as benchmarks during any assessment, audit or review process. They are the life blood of reporting and when it comes to vendor risk management, it is not as straight forward as you might think. Let’s take a deeper look into what Guy Dulberger of Ritchie Bros. has to say about the key metrics to track when assessing vendor risk and how a risk-based approach is the new norm for vendor risk management. [Read more…]