Skip to main content

Cybersecurity of retirement accounts is taking center stage

Retirement plan administration has advanced in recent decades with the rise of the Internet and other digital technologies. However, that has made retirement plans a target for cyber criminals. Armed with stolen personal data, hackers now see trillions of American retirement dollars as a new favorite target.

The retirement industry has had to strengthen its defense against cyberattacks and, as a natural extension of this effort, the due diligence practices of plan sponsor fiduciaries have entered the spotlight. The U.S. Department of Labor released new cybersecurity guidance for plan sponsors in April and is already making it a priority topic of audits as DOL underscores the “obligation to ensure proper mitigation of cybersecurity risks.”

The DOL guidance includes:
  • Tips for hiring a service provider with sound cybersecurity practices: These tips include asking about the service provider’s security standards, evaluating any historical breaches or litigation and seeking favorable contract terms around cybersecurity.
  • Best practices for the cybersecurity programs of service providers: These best practices include the use of data encryption, periodic cybersecurity training and third-party audits of security controls.
  • Online security tips for plan participants: These tips include registering one's account and utilizing multi-factor authentication.
Retirement plan sponsors are strongly encouraged to incorporate cybersecurity oversight in their governance practices for the benefit of plan participants and beneficiaries. As with all good fiduciary habits, it’s important this oversight is memorialized by way of meeting minutes or other internal documentation.

Plan sponsors should understand this obligation extends not only to the cybersecurity controls of their service providers, but the organization’s own internal controls, as well. If not yet addressed, plan sponsors should prioritize a review of their internal practices and talk to their service providers about this topic.

If you would like to speak with a consultant at HANYS Benefit Services on this or any other issue, call (800) 388-1963 or email hbs@hanys.org.

Popular posts from this blog

Employee Benefits Offerings: What Perks Can You Add?

Employee benefits can play a crucial role in attracting and retaining top talent. Beyond compensation and bonuses, offering a variety of perks can significantly enhance employee satisfaction and productivity. But what should you include in your employee benefits offerings?   What are employee benefits?   Employee benefits encompass compensation, bonuses and various perks outside an employee's wage. By offering flexible employee benefits, you can improve employee productivity and loyalty while attracting and retaining talented candidates.   Personalized benefits examples   The type of benefits offered can vary by industry. We've compiled some of the most popular options to help you explore possible employee benefits strategies .  1. Social opportunities   Employee perks don't always have to be tied to a benefits package. Sometimes, the best way to engage your employees can be through social opportunities. Group activities can help im...

What is Risk Management? 4 Key Topics to Know

Understanding risk management in retirement programs  Managing a retirement program is complex, with multiple layers of risk. For organizations and their leadership, understanding and mitigating these risks is crucial to ensuring the long-term success and reliability of these programs.   It often leaves human resource professionals, employers and program administrators questioning, "What is risk management, and how can we excel at it?"  This blog post explores the various aspects of risk management in retirement program administration and provides actionable insights to help organizations better manage these risks.  The importance of risk management  Retirement programs are designed to benefit participants and beneficiaries, but they come with their own set of risks. These risks can be broadly categorized into four main topics:  Fees  Administration  Investments  Cybersecurity  Each of these topics requires meticulous attention and ...

April 2025 Benefits Buzz: Class-action lawsuits and IRS guidance

This month's highlights  Topic #1: Class-action lawsuits target health plan tobacco surcharges.  Topic #2: IRS issues ACA reporting guidance on individual statements.  Welcome to the April 2025 edition of Benefits Buzz! In this issue, we dive into the latest on employee benefits, wellness programs and ever-evolving workplace dynamics. Stay informed and gain insights that help you make the most of your benefits package.  Download the full story  Download the PDF below for an in-depth look at this month's topics. Dive deeper into guidance that can help you leverage your benefits to their full potential. Don't miss out on valuable insights that could improve your professional and personal life.  [Download the Full Story]   Stay informed, stay empowered and make the most of your benefits with Benefits Buzz! Be sure to follow us on LinkedIn for monthly updates and never miss out on the latest in benefits news.  Questions?  Contact TruePlan . Our...