Northwestern Mutual

Security and Privacy

Security and privacy of your confidential information is important to you and to us at Northwestern Mutual. Know that we will never ask for your password, Social Security number, product or account numbers, or other personal information through email or text message. This information may be requested during a phone call with a Northwestern Mutual customer service representative or upon registering for online account access.

Northwestern Mutual is committed to safeguarding your personal and confidential information. We have provided some best practices that will help to enhance your security. Together we can work to protect what is most valuable to you.

Protect Your Account

Registering for Online Account Access
  • When you register for Northwestern Mutual online account access, we request personal information, including your product number and Social Security number, to verify your identity. This helps ensure that only you may register to access your own accounts.

  • When you set up your password reminder questions for online accounts, select questions and answers that only you know. Avoid questions and answers that others may be able to discover about you, including information you share on social media sites.

  • To protect your online accounts, use secure passwords.

  • Avoid accessing your online accounts through publicly shared computers if possible.

Passwords

A strong password is important to protect your online accounts. When you are selecting a password, keep the following tips in mind:

Do

  • Choose a long password of at least 8 characters. Longer passwords are more secure.

  • Include upper- and lowercase letters, numbers, and symbols – this makes it more difficult for someone to guess it.

  • Change passwords frequently – consider quarterly updates.

  • Consider using a password manager.

  • Keep your password private.

Do Not

  • Do not use real names.

  • Do not use Social Security numbers, words or numbers associated with personal information, like birthdays, anniversaries, license plates, telephone numbers, or addresses.

  • Do not use your login name or any variation of it.

  • Do not use words from the dictionary.

  • Do not use the same pattern for your passwords, such as smart1, smart2, etc.

  • Do not write down your password or share your password with anyone else.

Consider a Password Manager

Password management software can help simplify choosing and maintaining passwords for your online accounts. Several password management applications are available for a variety of devices and operating systems. Check with a trusted technology expert to help you choose the appropriate password manager tool for your needs.

Stay Safe Online

Email Hacking Fraud

Email hacking occurs when a fraudster illegally gains access to an individual’s email account. This allows the fraudster to read email messages and view the address book on the email account. Using this information, the fraudster (appearing to be the individual) contacts the individual’s financial institutions via an email message and tries to obtain funds. Learn about how to protect yourself at Email Hacking Fraud.

Identity Theft

Identity theft occurs when someone wrongfully obtains another person’s confidential information, often to benefit the identity thief financially.

Victims of identity theft can spend months or years correcting the situation. Victims may also lose job opportunities or be refused loans for education, housing, or cars.

The Federal Trade Commission (FTC) provides advice to minimize your risk of identity theft and offers assistance for victims of identity theft at FTC.gov/idtheft.

Credit Monitoring to Fight Identity Theft

Fight identity theft by monitoring and reviewing your credit report regularly. You can view your credit reports from Equifax, Experian, and TransUnion annually for free through AnnualCreditReport.com.

Phishing

One of the most common ways identity thieves trick their victims is through phishing. This occurs when a cybercriminal tries to trick people into revealing confidential information or installing malicious software (malware) on their computers. A phishing attack can take many forms, although the most common is an email message.

  • Identifying Phishing Messages
    Phishing messages often contain common “red flags,” including:
    • Generic greetings – Phishing messages often contain generic, non-personalized greetings.
    • Urgent or threatening language – Many phishing messages contain urgent or threatening language. Criminals often try to manipulate people’s emotions. Do not fall for that trick. Take the time to examine unsolicited messages carefully.
    • Awkward grammar or spelling errors – These may be signs of phishing messages.
    • Tricky links and unsolicited attachments – Always be suspicious of links and attachments in unsolicited messages. These may point to malicious sites or contain malicious software.
  • Phishing Resources
    To learn more about phishing and handling phishing messages, see OnGuardOnline.gov/phishing.

Social Media Safety

Social media includes websites and smartphone applications that allow you to stay connected with friends and family – but be careful what you share. Criminals could use the confidential details that you share publicly to conduct identity theft. A few tips will help you stay secure on these sites.

  • Most social media sites offer settings and tools to help you restrict who sees your content. Learn how these settings and tools work for each site, and be aware of any updates to how they work.
  • Realize that criminals can use social media to trick their victims. If a contest seems too good to be true, it most likely is. Links to the latest celebrity gossip or “shocking” pictures can lead to malicious software (malware) or sites designed to steal confidential information.
  • Children may become victims of cyber-bullying. Depending on the severity of the issue, contact the social media site, school officials, or law enforcement to report the incident. You may want to monitor your child’s social media activity and review their friends list to ensure they are communicating responsibly.
  • Remember that any information you post online could be saved and accessed forever. Make sure you log out of each application after you are done using it.

More information about social media safety is available at StaySafeOnline.org.

Secure Your Devices

Antivirus/Antimalware

Protect your computer from malicious software (malware) by installing and running up-to-date malware protection. A variety of options are available online or at local retail stores.

Operating Systems and Other Applications

To remain secure online, update your operating system (the system that manages your computer’s hardware and software) frequently. Consider activating automated updates if available. Microsoft, Apple, Google, and other operating system vendors frequently update their operating systems. These updates may add functionality, increase security, and fix problems in existing software.

Other applications such as iTunes, Adobe Reader, and security software products also typically offer automatic update options.

Physical Security

Mobile devices include smartphones, tablets, laptops, cell phones, and other portable devices. They offer added convenience and flexibility. However, they do require additional protection. Treat your mobile devices as you would your wallet.

Consider the following best practices to keep your mobile devices secure:

  • Use a PIN or password on your mobile device to lock your screen when not in use.
  • Never leave your mobile device unattended in the open.
  • Lock your mobile device in a drawer, closet, or hotel safe while you are traveling.
  • Lock your laptop in the trunk of a car when transporting it in a vehicle.
  • Consider purchasing and using a cable lock to securely lock your laptop to immobile objects.

Web Browsers

It is important to keep your web browsers up to date to correct any bugs or vulnerabilities that older versions may have.

Download the latest version of your web browser. The following links point to English versions of the web browsers:

If your web browser supports automatic updating, consider turning on that feature to ensure you always have the latest version.

Wi-Fi Security

Wi-Fi allows you to wirelessly connect your mobile devices to the Internet. The following tips can help you remain safe when you use public Wi-Fi networks:

  • Realize that public Wi-Fi networks are not secure. Other people on the network can view the information you send and receive unless that information is encrypted.
  • You can tell if your information is encrypted by looking at the web address of the site you are visiting. If the site begins with https://, your information is encrypted and is not visible to others on the network.
  • If a site begins with anything other than https:// (such as http://), your information is visible to other people on the Wi-Fi network. Do not send or receive confidential information on those sites.
  • Always log out of your accounts when you are finished.
  • Beware of "shoulder surfers," thieves who physically watch your activities to steal your confidential information or passwords. Pay attention to your surroundings – leave if you are uncomfortable.

Manage Records

Managing your household records appropriately will help keep your financial affairs in order. Properly disposing of your records when you no longer need them will help protect your confidential information from falling into the wrong hands.

Records Management

The U.S. government offers guidance on managing household records. Review this information to determine how long you should keep important documents.

Secure Disposal

Properly disposing of your records will help prevent dumpster diving. Dumpster diving occurs when criminals sort through trash to find other people’s confidential information.

Work with a trusted technology expert if you have questions about the following recommendations.

  • Always shred your confidential information. Use a crosscut shredder that cuts the documents into small pieces.
  • Shredders that cut documents into long spaghetti-like strands are not as secure. Properly motivated criminals can reconstruct those strands with enough effort.
  • Shred DVDs, CDs, diskettes, tapes, and credit cards if possible. High-end shredders often have the capability to shred these items. Always confirm that a shredder can accommodate the items you want to shred.
  • Before you sell a smartphone, perform a factory reset to remove confidential information from the device.
  • Consider using secure erase software to wipe, or electronically “shred,” information on a personal computer’s hard drive. At a minimum, take the hard drive out of a laptop or desktop computer before disposing of the old computer.

Information Security and Privacy Safeguards

Northwestern Mutual Information Security and Privacy Safeguards

The security and privacy of clients’ confidential information are important to Northwestern Mutual. The company takes its responsibility to protect this information seriously and uses technical, administrative, and physical controls to safeguard its data. The following are just some of the ways the company works to keep client information safe.

Technical

Northwestern Mutual uses layers of technical controls to protect its clients’ information:

  • Antivirus–The company uses antivirus solutions to protect against malicious code that could compromise client information or damage company systems.
  • Email filtering–The company actively filters incoming email messages for phishing and spam attacks.
  • Encryption–The company encrypts client information accessed through online account access services to prevent unauthorized users from viewing that information. Company policies require client information stored on mobile devices used for business, including laptops, tablets, and smartphones, to be encrypted as well.
  • Firewalls–The company stores client information on its internal network, which resides behind a corporate firewall designed to prevent unauthorized external parties from accessing that data.
  • Fraudulent activity monitoring–The company monitors incoming messages to help identify and prevent fraudulent financial requests.
  • System activity monitoring–The company uses a variety of resources to monitor systems to identify suspicious activity. Intrusion detection systems and data leakage protection systems reduce the risk of incoming attacks and information loss.

Administrative

Northwestern Mutual supplements its technical controls with processes, procedures, and policies to further protect its clients’ information:

  • Business need to know–Access to company systems is granted on a business need to know basis. Only those people who need access to a given system and its information to accomplish their job responsibilities receive that access.
  • Change control–The company uses a change control process to help ensure all changes to company systems maintain the confidentiality, integrity, and availability of those systems.
  • Corporate governance–The company has a strong governance system with multiple committees supporting information protection initiatives.
  • Cybersecurity threat simulations–The company conducts cybersecurity threat simulations to identify areas of program strength and opportunities for improvement.
  • Incident response–The company maintains a well-defined computer security and privacy incident response program, designed to contain and resolve any incidents efficiently and effectively. The program is periodically reviewed and exercised to train and ensure preparation for events.
  • Privacy–All new employees receive privacy training. In addition, an Enterprise Privacy team manages the privacy program for the company. Each department has a designated privacy liaison who also supports the privacy program.
  • Internal and external IT auditors–The company’s internal and external auditors regularly review and assess the company’s information technology systems and operations.
  • Policies and standards–The company maintains written policies and standards for information protection. These policies and standards provide the foundation and guidance for the company’s information security, privacy, and risk management program.
  • Records management and sanitization–The company maintains a records management program that manages the lifecycle of the company’s information, including adherence to regulatory requirements and secure disposal of confidential information.
  • Risk assessments–The company performs risk assessments during the development and acquisition of information systems to help ensure those systems include appropriate protection of client information.
  • Security awareness–The company recognizes that end users are a critical component of an effective information security and risk management program. The company provides employees and financial representatives with security awareness and training, such as ongoing security awareness articles and events, training in company policies and standards, and simulated phishing exercises. Information to help clients protect themselves is also available on the company’s corporate website.
  • Separation of duties–The company separates specific job duties to prevent a conflict of interest when appropriate.
  • Threat monitoring–The company works with internal teams and third-party industry security organizations to monitor its environment for existing and potential threats.
  • User access reviews–The company annually reviews user access to company systems to help ensure users maintain an appropriate level of access to those systems.

Physical

Northwestern Mutual also protects its clients’ information from physical harm and theft:

  • Building and data center physical security–The company controls physical access to its buildings, data centers, and other facilities. Restricted access helps to ensure the confidentiality, integrity, and availability of company systems and physical assets within the company.
  • Business continuity and disaster recovery planning–The company maintains and periodically tests defined business continuity and disaster recovery plans. These plans are designed to maximize the availability of company systems and information and recover from natural or human-made disasters as efficiently and effectively as possible.
  • Redundancy–As part of its business continuity and disaster recovery plans, the company maintains redundant data centers to help ensure the availability of company systems and client information.
