April 27, 2021
On April 14, 2021, the DOL’s Employee Benefits Security Administration issued guidance to plan sponsors, fiduciaries, recordkeepers and plan participants on cybersecurity best practices, in an effort to protect American workers’ retirement benefits. This novel guidance was provided through three documents: 1) Tips for Hiring a Service Provider; 2) Cybersecurity Program Best Practices; and 3) Online Security Tips.
Tips for Hiring a Service Provider. This document assists plan sponsors and fiduciaries in selecting a service provider with strong cybersecurity practices. ERISA requires plan fiduciaries to monitor service providers to ensure that they are maintaining plan records and keeping participant data confidential and plan accounts secure. The DOL suggests several tips that plan sponsors can follow in ascertaining a service provider’s cybersecurity practices.
Cybersecurity Program Best Practices. This document provides a list of best practices for use by recordkeepers and other service providers responsible for plan-related IT systems and data. Plans’ service providers should:
Online Security Tips. This document is geared towards plan participants and beneficiaries and provides tips on reducing the risk of fraud and loss when accessing their retirement accounts online. The document encourages individuals to:
Employers should familiarize themselves with the DOL’s suggestions pertaining to cybersecurity. The guidance indicates that the DOL considers this an element of plan sponsors’ fiduciary duties, so employers should work to minimize the risk of cybersecurity breaches.