Skip to main content

Cybersecurity of retirement accounts is taking center stage

Retirement plan administration has advanced in recent decades with the rise of the Internet and other digital technologies. However, that has made retirement plans a target for cyber criminals. Armed with stolen personal data, hackers now see trillions of American retirement dollars as a new favorite target.

The retirement industry has had to strengthen its defense against cyberattacks and, as a natural extension of this effort, the due diligence practices of plan sponsor fiduciaries have entered the spotlight. The U.S. Department of Labor released new cybersecurity guidance for plan sponsors in April and is already making it a priority topic of audits as DOL underscores the “obligation to ensure proper mitigation of cybersecurity risks.”

The DOL guidance includes:
  • Tips for hiring a service provider with sound cybersecurity practices: These tips include asking about the service provider’s security standards, evaluating any historical breaches or litigation and seeking favorable contract terms around cybersecurity.
  • Best practices for the cybersecurity programs of service providers: These best practices include the use of data encryption, periodic cybersecurity training and third-party audits of security controls.
  • Online security tips for plan participants: These tips include registering one's account and utilizing multi-factor authentication.
Retirement plan sponsors are strongly encouraged to incorporate cybersecurity oversight in their governance practices for the benefit of plan participants and beneficiaries. As with all good fiduciary habits, it’s important this oversight is memorialized by way of meeting minutes or other internal documentation.

Plan sponsors should understand this obligation extends not only to the cybersecurity controls of their service providers, but the organization’s own internal controls, as well. If not yet addressed, plan sponsors should prioritize a review of their internal practices and talk to their service providers about this topic.

If you would like to speak with a consultant at HANYS Benefit Services on this or any other issue, call (800) 388-1963 or email hbs@hanys.org.

Popular posts from this blog

Employee Benefits Offerings: What Perks Can You Add?

Employee benefits can play a crucial role in attracting and retaining top talent. Beyond compensation and bonuses, offering a variety of perks can significantly enhance employee satisfaction and productivity. But what should you include in your employee benefits offerings?   What are employee benefits?   Employee benefits encompass compensation, bonuses and various perks outside an employee's wage. By offering flexible employee benefits, you can improve employee productivity and loyalty while attracting and retaining talented candidates.   Personalized benefits examples   The type of benefits offered can vary by industry. We've compiled some of the most popular options to help you explore possible employee benefits strategies .  1. Social opportunities   Employee perks don't always have to be tied to a benefits package. Sometimes, the best way to engage your employees can be through social opportunities. Group activities can help im...
Read more

What is Risk Management? 4 Key Topics to Know

Understanding risk management in retirement programs  Managing a retirement program is complex, with multiple layers of risk. For organizations and their leadership, understanding and mitigating these risks is crucial to ensuring the long-term success and reliability of these programs.   It often leaves human resource professionals, employers and program administrators questioning, "What is risk management, and how can we excel at it?"  This blog post explores the various aspects of risk management in retirement program administration and provides actionable insights to help organizations better manage these risks.  The importance of risk management  Retirement programs are designed to benefit participants and beneficiaries, but they come with their own set of risks. These risks can be broadly categorized into four main topics:  Fees  Administration  Investments  Cybersecurity  Each of these topics requires meticulous attention and ...
Read more

Executive disability income protection program: C-suite FAQ

Implementing a comprehensive risk management strategy is imperative for C-level executives and senior management at HANYS member hospitals. One critical, but often overlooked component, is the executive disability income protection program. But what exactly is this program and why is it vital for high-income earners?   With increasing interest in executive disability income protection programs from C-suite executives, TruePlan Benefit and Retirement Advisors interviewed Bernard A. Gleeson, Director, Employee Benefit Services, on Executive disability income protection programs FAQs.  What is an executive disability income protection program?  An executive disability income protection program (EDIPP) is a specialized form of disability insurance designed to supplement existing group disability plans offered by employers. These individual plans provide additional coverage beyond the typical monthly maximum benefit cap found in traditional employer-based offerings. By ov...
Read more