New cyberthreats continue to emerge, and a surge in remote work and online financial services creates different data risks. We must work to find and prevent threats before they happen. This effort requires a constant evolution of best practices.
Employee education and diligence are critical to our success in protecting our Clients’ data. Each year, all employees complete mandatory security and privacy training courses. This training helps them understand their responsibilities, relevant rules and how to protect Client data and confidentiality.
We also provide extra guidance and awareness-building programs to help employees deepen their knowledge. For example, our security team conducts interactive phishing simulations. These tests teach employees to find and avoid real-world cyber threats they may meet.
Cybersecurity is a growing concern for the public and a top priority for Sun Life. Organizations around the world are facing increasing attacks on their computer systems by sophisticated hacking groups.
Our Senior Vice-President and Chief Information Security Officer (CISO) is accountable for providing global oversight over the implementation of Sun Life’s information security program and the Security Risk Policy. The CISO leads a global team of over 170 highly qualified individuals. His global mandate includes the development, execution and operational management of Sun Life’s security strategy, risk assessments, security controls, monitoring, incident response and compliance.
We continue to evolve our cyber defences to be effective against emerging threats. For example:
Our reputation depends on being responsible for data entrusted to us. Delivering on this duty involves:
Sun Life engages with industry groups to share intelligence and best practices for building stronger data protection programs. Examples include:
Managing data responsibly
Our guiding Client Data Privacy Principles highlight our promise to Clients:
We use Client data to deliver on our Purpose
We do not sell Client data
We inform Clients about why we collect and use their data