Every pension scheme needs to have faith that their administrator is holding their data securely. With cyberattacks on the rise, there is a higher risk that your data could be lost or targeted. Do you know what security protocols your administrator has in place for your data?
You do not want your reputation tarnished due to basic measures not being put in place. You need to implement a risk register and provide regular staff training. Staff training is crucial to ensure your team are aware of how to reduce the risk of a data breach.
Do you make sure all member information is sent securely? If not, putting this in place should be your next action.
One of the most common attacks now is ransomware.
What is a ransomware attack?
A ransomware attack is designed to deny a user or organisation access to files on their computer. By encrypting these files and demanding a ransom payment for the decryption key, cyberattackers place organisations in a position where paying the ransom is the easiest and cheapest way to regain access to their files.
How can you prevent a ransomware attack?
- Maintain backups – Important data should be backed up so that data can be recovered after a ransomware attack.
- Develop plans and policies – Your IT team should develop a plan to ensure they know what to do in the event of a ransomware attack.
- Strengthen your endpoints
- Keep your systems up to date
- Provide training to your team
- Implement an Intrusion Detection System
Not only do you need to know that your own data is held securely, it is also important to confirm that your scheme data held with third parties is held securely.
It is important to consider whether the third party holds ISO 27001 accreditation and/or Cyber Essentials Plus. We have identified this as a key requirement for scheme administrators to obtain and maintain secure standards.
Would you know what to do if there was a data breach?
For any further guidance, please email firstname.lastname@example.org.