Monica Cope, Chief Operating Officer at Veratta, said: “Research statistics released last week by the Office for National Statistics (following a field trial conducted between May and August 2015) indicate that there were an estimated 2.5 million* incidents of crime falling under the Computer Misuse Act in England and Wales, the most common incident where the victim’s computer or other internet enabled device was infected by a virus. It also included incidents where the respondent’s email or social media accounts had been hacked.
“Stories in the press about the public being targeted by scammers online are increasingly commonplace. Just last week an email scam in Northern Ireland saw a woman conned out of £77,000**. The pensions industry is certainly not immune to the threat of cyber-crime and, without more rigorous controls, particularly around processes and technology, there is an incident waiting to happen. Pensions data is extremely valuable – it’s people identities, whereabouts and financial circumstance. As an industry we therefore need to take the lead and demonstrate that we are treating peoples’ information and security just as seriously as other industries do.
“Ironically, one of the biggest threats to member data is the very thing that has made pensions more amenable and accessible - the move to mobility. The pensions industry is now being run on laptops, tablets and mobiles, with many owning multiple devices. Just consider the nature of the information on schemes held on these devices and how easily they can be lost. It is hugely worrying.”
Cope added: “Trustees need to be aware of the severity of this threat. They need to fully understand what appropriate exercises and protocols are needed to manage and avoid what could be an extremely serious breach of the information that pension schemes hold. They should consider things like penetration tests to analyse any hacking and security vulnerabilities, and ensure that software is always updated with the latest patches and that backups are regularly done. In the interests of preparation, schemes should also ensure they have an incident plan in place and ready to action should the scheme data get hacked.”
|