Thursday, June 24, 2021

Cybersecurity of retirement accounts is taking center stage

Retirement plan administration has advanced in recent decades with the rise of the Internet and other digital technologies. However, that has made retirement plans a target for cyber criminals. Armed with stolen personal data, hackers now see trillions of American retirement dollars as a new favorite target.

The retirement industry has had to strengthen its defense against cyberattacks and, as a natural extension of this effort, the due diligence practices of plan sponsor fiduciaries have entered the spotlight. The U.S. Department of Labor released new cybersecurity guidance for plan sponsors in April and is already making it a priority topic of audits as DOL underscores the “obligation to ensure proper mitigation of cybersecurity risks.”

The DOL guidance includes:
  • Tips for hiring a service provider with sound cybersecurity practices: These tips include asking about the service provider’s security standards, evaluating any historical breaches or litigation and seeking favorable contract terms around cybersecurity.
  • Best practices for the cybersecurity programs of service providers: These best practices include the use of data encryption, periodic cybersecurity training and third-party audits of security controls.
  • Online security tips for plan participants: These tips include registering one's account and utilizing multi-factor authentication.
Retirement plan sponsors are strongly encouraged to incorporate cybersecurity oversight in their governance practices for the benefit of plan participants and beneficiaries. As with all good fiduciary habits, it’s important this oversight is memorialized by way of meeting minutes or other internal documentation.

Plan sponsors should understand this obligation extends not only to the cybersecurity controls of their service providers, but the organization’s own internal controls, as well. If not yet addressed, plan sponsors should prioritize a review of their internal practices and talk to their service providers about this topic.

If you would like to speak with a consultant at HANYS Benefit Services on this or any other issue, call (800) 388-1963 or email hbs@hanys.org.

<< Blog Home

Subscribe to blog via email
Subscribe to rss feed

Financial
Wellness Report


Free Download