Society for Human Resource Management (SHRM) September 2, 2020 Shore Up Benefits Cybersecurity During Open Enrollment


Employers can reduce opportunities for data to be stolen or compromised by modifying their open enrollment and administrative processes. For example, safeguard data more effectively by eliminating paper forms and instead using online enrollment that requires passwords and multi-factor authentication.

In addition, requiring employees to actively enroll online instead of allowing them to default to the previous year’s benefits selection “forces employees to log in and actively enroll in or decline benefits and review their home addresses, e-mail addresses and personal information to ensure their accuracy,” said Melodie Bond-Hillman, director of HR and administration with cybersecurity solutions company XYPRO Technology Corp. in Simi Valley, Calif.

Bond-Hillman also suggested that employers limit the open enrollment period to minimize the amount of time the benefits portal is open to employees and more vulnerable to a breach.

She recommended reducing the use of employees’ Social Security numbers as much as possible in benefits administration and instead assigning employee identification numbers.

Employers and their benefits vendors must also be vigilant and look for unusual activity in employee benefits plans, and they should automatically confirm plan changes directly with employees, Bond-Hillman advised.

To read the full article visit Society for Human Resource Management (SHRM).