Citing the growing threat of online criminal activity, the U.S. Department of Labor has issued guidance on cybersecurity steps to help protect the nation’s $9.3 trillion in pensions and defined benefit plans. The suggestions are aimed at helping plan sponsors and fiduciaries prevent data breaches and cyber theft affecting the estimated 140 million retirement plan participants in the U.S. The Employee Retirement Income Security Act (ERISA), which regulates private pension plans and defined contribution plans, requires plan fiduciaries to take appropriate precautions to mitigate these risks. Without sufficient protections, these participants and their assets may be at risk from both internal and external cybersecurity threats.
The DOL’s guidance is presented in three forms, including one offering helpful tips to plan participants who must also play a role in protecting their savings:
- Tips for Hiring a Service Provider: Helps plan sponsors and fiduciaries prudently select a service provider with strong cybersecurity practices and monitor their activities, as ERISA requires.
- Cybersecurity Program Best Practices: Assists plan fiduciaries and record-keepers in their responsibilities to manage cybersecurity risks.
- Online Security Tips: Offers plan participants and beneficiaries who check their retirement accounts online basic rules to reduce the risk of fraud and loss.
The DOL has previously issued guidance aimed at ensuring that electronic recordkeeping systems have reasonable controls, that adequate records management practices are in place, and that electronic disclosure systems include measures calculated to protect Personally Identifiable Information. The new cybersecurity recommendations bolster these precautions against increasingly sophisticated threats.
For additional information or help setting up your own cybersecurity defenses, please contact Gray, Gray & Gray at (781) 407-0300.