Over the past few weeks, members of our bswift team had the privilege of attending the 2020 bswift Channel Partners Virtual Sessions. Each session offered a chance for us to learn and gain important insights to serve you better. As technology grows and improves our ways of doing business, so must the way we protect our businesses and employees. We wanted to share what we recently learned in the "bswift Security and Your Clients’ Data Safety" virtual session.
Superior Cyber Security
On Feb 18, 2020, CVS was officially granted U.S. Patent No. 10,541,813 on a 2017 submission for Next-Generation Authentication (NGA). NGA is an innovative method for performing mobile and web application user authentication.
George Dart, SVP, Chief Architecture & Security Office at bswift, advised that MFA is a factor of NGA and is estimated to be rolled out early in 2021 (after enrollment season). NGA is expected to be superior to MFA. Currently, bswift has four beta test clients using NGA. Any interested users should send their requests to the bswift Client Services team for inclusion in beta testing. At this time, pricing is unknown.
bswift Security Documentation
- NDAs. bswift requires an NDA for all clients and channel partners. Once a signed NDA is submitted, all NDA users will be able to access and pull down security certifications for review. You can expect documentation to be available within the next quarter or so.
- Audits. bswift conducts annual SOC1 and SOC2 audits. SOC-type audits are industry-standard audit types and certifications are available for these audits. SOC reports include information about how bswift trains their employees internally for security protocols.
  - SOC 1 – Business operations that underpin financial proceedings to support remediations or other issues
  - SOC 2 – Technical focus in 5 different areas for thorough evaluation for privacy and data protection. This also reviews external security considerations for database storage center
- Information. bswift maintains Standard Information Gathering (SIG) and SIG-Lite artifacts
- Other materials:
  - Architecture diagram
  - Security Policies and Controls (575+)
  - DR plan
  - BCP Program overview
  - Incident Response Plan
bswift SecurityScorecard and Their Stance Among Competitors
bswift uses SecurityScorecard, a third-party security vendor, to evaluate their technology. bswift holds a “Fortune 500 Expectation” standard. Their SecurityScorecard numbers are increasing, and they are finding that many competitors are “catching up.” It’s interesting to see that not only does bswift use the scorecard for themselves, but they also use SecurityScorecard to monitor the security health of Vendors and third-party partners. bswift has internal metrics for ensuring that their Vendors/TPPs are not vulnerable and, by extension, do not make bswift vulnerable.
COVID-19 Impact on Cyber Security
All industries with cyber components are impacted. New types of threats and attacks are showing up and impacting the way business is run. Below we touch on some of those new threats, strategies, and what to prepare for.
- New threats and types of attacks
- Network security
- New cyberattack strategies
- Collaboration Risks
  - Zoom meeting hacking
  - Connectivity to 3rd party apps
  - Variety of collaboration tools with limited controls
- Expanded access
  - In many cases, when at home, multiple resources are using internet-connected devices, and that access may cause exposure of data within the household, e.g., shared devices, where one computer is used for work needs as well as student lessons
  - Home Wi-Fi/Internet access on unsecured lines
- Business email compromises
- Email spoofing
- Password integrity suffers
- Rapid Expansion
  - The rapid expansion many organizations have undertaken to support remote work resulted in unsecured environments. At-home employees don’t have the same security as the enterprise environment.
- Phishing and Scams
  - Phishing is VERY common
  - Senior-level managers are often used in spoofing with a “call to action”
  - Social engineering campaigns as they apply to economic stimulus
  - Increased unemployment needs due to COVID-19 resulted in a higher frequency of scams to lure people for sensitive information, e.g., unemployment, loans for businesses, stimulus checks, etc.
- Keyloggers (Agent Tesla, Hawkeye, etc.)
- Remote Access Trojans (RAT)
- Botnets (Loki, Pony, TrickBot, etc.)
- Malicious Attachments
  - Weaponized MS Office document delivering second-stage malware executables
  - Embedded URLs delivering ransomware or credential harvesting (e.g., password recording)
  - Attached archived executables
How to Address Cyber Vulnerabilities
Combined, these elements provide a layered approach to cyber protection.
- Increased Vigilance
- Email Controls and Monitoring for authentic sources. This may involve training employees
- Defense in Depth Networking
- Endpoint Controls
- Threat Monitoring – bswift has a team to monitor for threats and applies proactive protections
- Secure VPN
Reach out if you need more information on bswift’s platform or other solutions. We help benefit advisers understand the HR tech market and identify best-fit solutions for clients. Contact us at 1-877-299-8155 or visit bentechre.com.