Cybersecurity Considerations for Employee Benefit Plans

The DOL's ERISA Advisory Council recently issued a report, Cybersecurity Considerations for Benefit Plans, which summarizes its examination of, and recommendations on, cybersecurity considerations for employee benefit plans.

The report noted that while cybersecurity is a focus area for organizations with regard to ongoing business activities, benefit plans often fall outside the scope of cybersecurity planning, even though plans often maintain and share sensitive employee data and asset information across multiple unrelated entities as part of the plan administration process. As such, the Council believes benefit plans should be specifically considered when implementing cybersecurity risk management measures, both in safeguarding benefit plan data and assets and when making decisions to select or retain a service provider.

One of the most significant challenges facing employee benefit plans is the reliance on service providers to manage the daily activities of the plan. As a result, employee benefit plans typically share sensitive employee data and beneficiary and employer information with these service providers. Based upon historical cybersecurity breaches, third parties can be considered the weakest cybersecurity link. A cybersecurity breach within an employee benefit plan could ultimately result in personal information being compromised.

The Council identified four major areas for effective practices and policies: 

  1. Data management.
  2. Technology management.
  3. Service provider management.
  4. People issues/training.

Every plan is unique, and cybersecurity risk management is a process. There is no “one-size-fits-all” strategy, and plan sponsors, administrators, fiduciaries and other service providers must determine what is reasonable. The Council has created materials for plan sponsors and fiduciaries to use when developing a cybersecurity strategy and program.


Source: Cybersecurity Considerations for Benefit Plans
