At LAGERS we have many different assets. There are those whose worth we can easily measure, like the investments held in trust for your benefits, or the value of the building where our dedicated staff work every day serving you. Then there are those whose value isn’t that measurable, like the staff members themselves, or something else in our care that is priceless: the personal data we have of each of our members. To say we take our duty to protect that data seriously is an understatement. We thought you might be interested in knowing some of the ways we do that.
It seems that a day doesn’t go by without the report of a new security breach that results in the compromise of individuals’ personal data. Hackers seem to have an unlimited amount of time and energy to devote to their evil purposes. Because of these relentless incidents, the LAGERS Board and management staff have identified cybersecurity risk as one of the system’s top risks to address.
As an integral part of the LAGERS staff, our IT department has the primary duty of not only keeping our many systems up and running, but also of maintaining a robust set of defenses against cyber attacks. Be warned—some technical jargon ahead!
These defenses include:
- Encrypting internal databases that house sensitive data
- Firewall protection
- Anti-virus software
- Anti-spyware software
- Intrusion protection products
- Application of security patches
- Security certificates and password protocol on the member and employer web portals
In addition, no unencrypted emails may include member Social Security numbers (and we encourage members not to send emails containing those numbers). LAGERS also has a formal Information Security Policy that is updated annually and which all staff are required to read and certify annually. In addition to cybersecurity measures, this policy includes guidelines on the type of personal information that can be disseminated and to whom it can be disseminated. All staff members also receive training, particularly in the area of social engineering threats (such as phishing emails that contain links to malware).
To further evaluate the effectiveness of these established defenses, LAGERS employs an external firm to conduct an annual network penetration test, wherein the firm attempts to breach security to access our networks. Every year since 2015 LAGERS has scored a 4 out of a possible 4 on the firm’s rating scale. The two IT personnel primarily responsible for network security receive a great deal of training and certifications to stay up-to-date and further enhance their knowledge of the threats that exist. We are proud of our IT department’s efforts to keep your data secure, and they have the full support of the Board to continue to do so.
While, unfortunately, no defense is guaranteed to be completely fail-proof, we want you to be assured that we consider the security of your personal data to be of the utmost importance, just as we consider the security of your benefits to be our very mission.