A few months ago I talked about the importance of investing in cybersecurity with a systematic and thorough approach. Besides stepping up your level of security, I advised you to create a rigorous crisis management plan that’s regularly reviewed, tested, and updated. And while these technical solutions are important, your approach to the human side of cybersecurity is also a vital part of the equation that determines your success when responding to new threats.
Before you put a plan in place or invest in any new tools, be sure you have the right team in place. The occasional security audit and outside security service cannot do what a mature and dedicated security team does: know the business, constantly monitor threat levels, and swiftly respond to challenges and crises.
A recent cybersecurity threat intelligence report makes my message more urgent than ever. According to the report, at more than $37 billion in assets, Health Savings Accounts (HSAs) look like gold mines to today’s criminals, with fraudsters and hackers now zeroing in on accounts they deem likely to be the most valuable. Especially vulnerable are account holders who fail to check their balances regularly, meaning fraud can go undetected for months.
In this watch-your-back atmosphere, third-party administrators like TASC are at a higher risk than ever. And this is why we’ve been investing more and more into our security program. As part of this commitment, we took a few big steps…
We hired an experienced security professional to lead development of a robust program that can respond to new threats as they arise. Tasked with driving the strategy and vision for our security program, our new Director of Information Security, Riad Armo, has already created a charter document that describes our security program and how it fits into our organization. And because cybersecurity is not a one-person job, we have also boosted our security team with four additional security engineers and coordinators.
Now that I’ve shared what we’ve done at TASC, what about you? Cybersecurity requires far more than a suite of high-tech monitoring tools you buy from a vendor, far more than junior-level staff working under the IT department. Yet all too often business owners fall for impressive product demos, spend a lot of money on tools, and then enjoy a false sense of security. Only with a strong team in place to manage the tools you’ve invested in can you be sure the countless technical settings are appropriate, adequate, and configured to respond to a security landscape that’s ever-changing and bound to remain so.
A mature cybersecurity program demands a fine-tuned team and deserves the same respect and access to funding as any other department. The severity of the threats we face demands nothing less.