Technology makes up a large part of our lives, and with that comes an increased cybersecurity threat. With $28 trillion held in retirement plans in the United States, along with a vast amount of personal information, retirement plans have become a target for cyber hackers.
Plan sponsors have a fiduciary duty to be aware of these types of threats. As a fiduciary to the plan, the plan sponsor has a responsibility to make sure all the plan information, whether stored directly or by a third-party service provider, is kept safe. Not properly protecting the sensitive information within a retirement plan can result in fines and legal ramifications.
The Department of Labor has provided a report outlining some basic steps that plan sponsors can take to mitigate cybersecurity threats. The Department of Labor’s Advisory Council on Employee Welfare and Pension Plans describes many of these practices in its report. To read more about cybersecurity considerations for benefit plans, click here.
Before a breach happens, plans should have a risk management strategy in place. The DOL report identifies several considerations for plan sponsors as they develop their strategies, including:
- Establishing who is responsible for designing, documenting, implementing and maintaining the strategy.
- Creating a process for eliminating unnecessary data to reduce cyber risks.
- Evaluating service provider security programs and documenting how they will gain access to sensitive data.
- Understanding current insurance coverage arrangements to determine whether additional protection is needed to adequately safeguard the plan sponsor and participants.
Individuals responsible for benefit plan management rarely have expertise in cybersecurity. There is no “one-size-fits-all” approach to cybersecurity policies, as plans can vary in many ways. HBE, through the American Institute of Certified Public Accountants Cybersecurity Resource Center, can help organizations learn how to best protect data and keep up to date on industry developments. Additionally, plan sponsors may want to consider engaging a cybersecurity expert who can evaluate and develop improvement strategies for protection of data.
HBE is available to assist plan sponsors as they fulfill their fiduciary duties in cybersecurity areas including assessment, testing, and policy design. HBE partners Scott Becker, Krystal Siebrandt and Kiley Wiechman provide expertise in cybersecurity services. If you have questions regarding cybersecurity services, contact us at 402-423-4343.