MassMutual’s Cyber Security Program

Every day, we work to secure customer and company data, ensuring our commitment to help our customers secure their future and protect the ones they love. Customers can feel confident knowing our teams continuously monitor our information systems and risk factors to keep your information safe.

Some of our measures include, but are not limited to:

Partnering with our service providers to demonstrate their ability to protect data in accordance with MassMutual policies and standards and in accordance with applicable legal and regulatory requirements and contractually requiring them to maintain such standards.
Investing in our cybersecurity talent by providing ongoing education and training opportunities, to ensure our staff are knowledgeable and equipped to keep information safe. Our staff also participate in industry sharing forums, such as the Financial Services Information Sharing and Analysis Center (FS-ISAC) to identify trends and potential threats regarding the security of systems and data including personal information.
Reviewing, assessing, and updating our security practices based on changes in technology, sensitivity of customer information, and changing nature of threats and vulnerabilities.
Maintaining policies and procedures that are reasonably designed to protect against any anticipated threats or hazards to the confidentiality, security, or integrity of personal information.

MassMutual’s Commitment to Protecting Your Data

Restricting Information Access

Access to systems containing personal information is restricted to employees with a legitimate business need to access such information. Service providers are contractually bound to implement and maintain our requirements for the protection of your personal information. They are also required to comply with legal and regulatory requirements related to data privacy and information security.

Information Security Platform & Infrastructure

All external connections to company networks, applications, or data over the public Internet require multi-factor authentication are required to go through a multi-tiered “firewalled” demilitarized zone and a virtual private network (VPN) client. Our antivirus technology infrastructure and content controls are maintained to address the introduction of malicious code at the gateway, server, and client levels, using multiple technologies to diminish the risk relating to new viruses and prevent inappropriate communications, or leakage of personal or confidential information.

Testing and Assessing Risk

The program is subject to reasonable monitoring, review, and adjustment due to the dynamic nature of technology and emerging and evolving security risks and threats, including reasonably foreseeable threats or hazards to the security, confidentiality, and integrity of confidential or restricted information, including personal information. We align our resources to address the most significant risk as threats change.

Regular Monitoring, Evaluation, and Adjustment

We continuously monitor, review, and adjust our cyber security policies and procedures based on changes in technology and sensitivity of information to ensure that we are operating in a manner reasonably designed to protect against reasonably foreseeable threats or hazards to the confidentiality, security, or integrity of personal information. A cross discipline Incident Response Team exists to investigate and manage potential information security incidents.

Protecting MassMutual Systems

Data centers, operations centers, and other key buildings and assets are subject to physical, technical, and administrative security measures and related monitoring. Multiple Internet points of presence are also geographically dispersed to facilitate availability and mitigate the risk of catastrophic events.

Ongoing Cyber Security Awareness

Employees are our best defense against cyber-attacks! That’s why our cyber security education for employees includes focused communications, events, and training to reinforce the requirement that employees adhere to MassMutual’s Information Technology Policies and Standards, which are required to be acknowledged annually.