The threat of a cyberattack is prevalent throughout the business world. Given the highly sensitive data held within employee benefit plans, it should come as no surprise that they have become a major target for hackers. Protecting participants’ personally identifiable information is a responsibility no longer limited to IT departments. Plan sponsors, fiduciaries and service providers of all employee benefit plans have an obligation to establish strong information systems practices to help prevent these attacks.
Plan sponsors should identify how data is accessed, controlled, transmitted and stored, and assess the risks associated with these processes. Management strategies must be customized and dynamic to provide the best fit for their individual plan.
Contract with Service Providers
Plan sponsors should have frequent discussions with the plan’s third-party service providers and review each provider’s current policies and procedures relating to data security, including determining the best approach for evaluating the effectiveness of existing controls.
Any individual dealing with employee benefit plan information should have a clear understanding as to whether or not the current insurance/bond policies protect against the consequences of a cyberattack. It is important to be educated on the appropriate cyber insurance policy needed to cover the plan.
Schneider Downs can help you assess your plan’s current needs and assist in implementing an appropriate cybersecurity strategy today.
You’ve heard our thoughts… We’d like to hear yours
The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].
Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.