How Well Does Your Broker Protect Employee Information?

Author: Simon Hopes

You run a small business with about 100 employees. Your company works with an insurance broker to provide health, vision, and dental insurance to employees. That means your broker possesses sensitive personal information on each and every employee. How well does that broker protect the information?

Data security is a major concern these days. Hackers intent on stealing personal information can make a lot of money selling it on the dark web or using it to steal identities, establish fake credit accounts, and so on. Stolen data can even be used to file fraudulent tax returns.

Just recently, a Houston company known as Benefit Recovery Specialists, Inc. (BRS) revealed it had been victimized by hackers. The company discovered malware on its computers in the spring of 2020, malware that could have compromised the personal information of nearly 275,000 people.

High-Risk Vendors

BRS, like so many organizations in the employee benefits industry, is considered a high-risk vendor. Such vendors are high risk because they possess extremely sensitive data. As such, they have an added responsibility to maintain proper security procedures at all times.

Hackers got into the BRS system by stealing an employee's credentials. Once in the system, hackers were there for at least 10 days. They could have spent that time gleaning reams of information including names, Social Security numbers, dates of birth, and more.

Hackers Get in Easily

How did hackers get the employee's credentials? No one knows for sure, but the best guess is a routine phishing attack. Phishing is a scheme that involves sending vulnerable recipients emails designed to look like legitimate requests for information.

A hacker might construct an email meant to look like it is coming from an organization's HR department. The email might bear the company's logo and tagline along with the names of key HR officials. Such an email would ask employees to confirm their credentials in order to maintain access to company computer systems. That is all it takes. With those credentials, a hacker could break in and establish permanent access before anyone knew the email was fraudulent.

Taking Data Security Seriously

It is not possible to prevent every data breach. Nonetheless, it behooves high-risk data vendors to take security seriously. Most do. Those that don't can find themselves at the wrong end of a data breach that could destroy their reputations and their businesses.

A June 2020 blog post published by Dallas-based Benefit Mall cites data suggesting that companies spend, on average, as much as $200,000 recovering from data security breaches. The number only accounts for the amount spent on undoing the physical damage. It does not quantify what a company might lose in terms of business taken elsewhere by unhappy customers.

As an employer, do you know whether or not your insurance broker takes data security seriously? If not, you cannot afford to wait for an answer. It is time for you to contact your broker and find out exactly what security procedures and policies are in place.

Just One Breach

It only takes one security breach to put your employees' sensitive personal information at risk. Imagine the liability you could face if a breach led to employee identities being stolen. Imagine the damage to your company's reputation after a security breach exposed your team.

You face the same risks if you are an insurance broker. Are you prepared to answer for hundreds of thousands of people being affected by hackers? As a high-risk vendor, you owe it to your clients, their employees, and your own business to do everything in your power to protect sensitive data.