The DOL's ERISA Advisory Council recently issued a report, Cybersecurity Considerations for Benefit Plans, which summarizes its examination of and recommendations regarding cybersecurity considerations as they relate to employee benefit plans.
The report noted that while cybersecurity is a focus area for organizations with regard to ongoing business activities, benefit plans often fall outside the scope of cybersecurity planning even though plans often maintain and share sensitive employee data and asset information across multiple unrelated entities as a part of the plan administration process. As such, the Council believes benefit plans should be specifically considered when implementing cybersecurity risk management measures, both in safeguarding benefit plan data and assets and when making decisions to select or retain a service provider.
One of the most significant challenges that face employee benefit plans is the reliance on service providers to manage daily activities of the plan. As a result, employee benefit plans typically share sensitive employee data and beneficiary and employer information with these service providers. Based upon historical cybersecurity breaches, third parties can be considered the weakest cybersecurity link. A cybersecurity breach within an employee benefit plan could ultimately result in personal information being compromised.
The Council identified four major areas for effective practices and policies:
Service provider management.
Every plan is unique and cybersecurity risk management is a process. There is not a “one-size-fits-all” strategy, and plan sponsors, administrators, fiduciaries and other service providers must determine what is reasonable. The Council has created materials for plan sponsors and fiduciaries to utilize when developing a cybersecurity strategy and program.
Source: Cybersecurity Considerations for Benefit Plans
The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals.