The capabilities concerning cyber defense and incident response are evolving constantly. There is an increasing amount of work involved in limiting security risk. Many leaders do not have an appropriate understanding for what makes for good cybersecurity, so they are forced to trust the word of the IT and security people around them. A quick way for leaders to lower risks is to have access to an industry specific set of best practices and standards to hold their teams accountable for security performance.

HCM Defender publishes best practices for the industry based on latest NIST frameworks (RMF, PRM, CSF) and industry best practices adapted to industry. Using a NIST+ model provides a nationally consistent model and alignment for potential future regulations while adding specific areas HCMs need to meet to be safer.

Specific standards are being put in place that will impact the HCM industry. An example is the DOL/EBSA Guidelines for 401k providers, which can act as a guide to improving cybersecurity across the industry. This might lead to future certification programs to help provide assurances to customers and insurers about the validity of cyber programs.

These guidelines include:

• Formal documented program
• Conduct prudent annual risk assessment
• Annual audit of security controls
• Define responsibilities within organization
• Strong access control procedures
• Cloud-based data third party services are subject to assessment
• Periodic training
• Manage secure lifecycle program
• Business continuity and incident response plan
• Encryption of data stored and in transit
• Technical controls
• Appropriately respond to cyber security incident

The following is a list of best practice areas for which HCM Defender has developed and by which leaders can use to learn and progress:

• Third party audits and risk analysis
• Hardware and software configuration and an ongoing plan for infrastructure upgrades
• Governance policies
• Contract terms with vendors
• Work From Home security model
• Internal employee data/IP theft protection
• Incident response program
• Employee security training and testing model

It is the goal of HCM Defender to help guide those in the industry in implementing industry best practices around cybersecurity, including the above.

It’s not always easy to weed through the omniverse of cybersecurity information out there. Smaller organizations struggling with limited cyber resources through larger organizations needing comprehensive risk assessment, everyone needs help. HCM Defender will provide simplified and straightforward advice and services either internally or by introducing you to vetted trusted security partners that are already aware of the industry’s unique needs.

We have interviewed and vetted a wide range of vendors who could be useful or even critical to successfully navigating a cyber incident. HCM Defender members will have direct access to these vendors and may receive pricing and service advantages based on their membership.

We partner with vendors in the following areas:

• Cybersecurity Insurance
• Legal Services
• Managed Detection & Response (MDR)
• Managed Security Service Providers (MSSP)
• Vulnerability Monitoring
• Penetration Testing
• Employee Awareness Training & Testing
• Dark Web / Deep Web / Social Media Monitoring
• Cryptocurrency Brokers
• Threat Intelligence
• Event Response

HCM Defender is designed to pool resources to gain competitive pricing and comprehensive/standardized terms geared toward the industry. We will also work with these vendors so that they understand the HCM industry more effectively as well as the direct needs of our members.

Aside from partners HCM Defender is here to support you with resources to help you through various stages of your organization’s journey to an improved risk profile. Whether that is through advisory and consultancy services or temporary resource augmentation such as “CISO as a Service” we will support your efforts to become more resilient to cyber threats.

In an incident, the ability to respond intelligently when a cyber event occurs is critical for managing financial loss and reputational damage in the market. But is it also difficult for you to know who to trust and often challenging to get unbiased advice from stakeholders in your network security.

For most organizations, the first time they experience a breach is also the first time they have ever been faced with the series of decisions that must be made in the timeframes required. This means organizations are “learning on the job” so to speak, and the potential consequences of mistakes are serious.

Dealing with a cyber event can be stressful and fraught with pitfalls that can add complication to any incident. HCM Defender will provide an unbiased and rapid response capability to members to help ensure the incident response is as smooth as possible. Additionally, capturing event data and trending analysis will help identify patterns and attack profiles.

As an industry funded utility HCM Defenders only objective is to help you get back on your feet with guidance and support you need around critical times. Guidance for leadership through decisions and options along with event summaries and colleague support will benefit the entire industry.

HCM Defender acts as a voice and coordinator to the industry on cybersecurity. Filtering through the plethora of cybersecurity information and educating members on the current and future state of cybersecurity as it relates to the industry. We also help to communicate the most likely attack vectors HCMs will face. Utilizing a variety of communication channels HCM Defender is a central information point for security in the industry and intended to help all members gain better insight into cybersecurity risks and make informed decisions and avoid inappropriate investment. The best way to assure that this does not occur is for everyone to have a clear picture on what is really going on.

All of this is accomplished via various communication channels including:

• Monthly email reports / dashboards (Members only)
• Text message alerts / email alerts (Members only)
• Monthly Zoom session with live Q&A (Members only)
• Speaking at events (For the whole industry)

HCM Defender will work with government agencies as an information hub, aggregating information and industry relevant threats around cybersecurity. Engaging with CSIRT/CERT/PSIRT response and threat intelligence sources to provide early alert information is a fantastic way to improve awareness.