As we approach ERISA season, it is more important now than ever to remember that even our retirement benefits are at risk of cybersecurity attacks.
For the first time in history, the Employee Benefits Security Administration (EBSA) has issued cybersecurity guidance for ERISA-covered retirement programs, which outlines best practices for record-keepers, plan sponsors and fiduciaries, participants and beneficiaries. The guidance came in three forms: (i) cybersecurity program best practices for record-keepers and other service providers, (ii) tips for plan sponsors on selecting a service provider, and (iii) general online security tips.
While ERISA has always required plan fiduciaries to take appropriate precautions to mitigate internal and external cybersecurity threats, such precautions were undefined and ambiguous prior to this guidance. Now that this guidance has been released, it is important for plan sponsors and fiduciaries to incorporate it into existing plan oversight processes. Any action taken (e.g., service provider due diligence, enhancements to internal controls, etc.) should be documented in plan-related records in order to demonstrate conformity with the guidance.
Below are some steps that the guidance suggests plan sponsors, fiduciaries and participants take in order to stay ahead of cybersecurity crime:
1. Hire a service provider with strong cybersecurity practices and monitor their activities
   - Understand their security standards
   - Ask the service provider if they have had previous security breaches and how they responded to the situation
   - Make sure the contract requires ongoing compliance that includes cybersecurity and information security standards
The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals.