Recognizing that cybersecurity is an increasingly critical issue, sponsors of ERISA retirement plans are taking steps to reduce risks. Those efforts should now account for the fact that when the U.S. Department of Labor (DOL) reviews their plans, it is looking to the guidance on cybersecurity best practices and security tips that it released in April 2021.
Plan sponsors may wish to review their current cybersecurity practices to ensure they align with the practices the DOL identified in its first official guidance, and should apply those insights as they select and monitor plan service providers that have access to sensitive, confidential data and information, such as personally identifiable information (PII), electronic protected health information (ePHI), or sensitive trust information (e.g., banking details).
Plan sponsors should consider the following three steps to ensure their cybersecurity efforts are aligned with the DOL’s recommendations:
- Establish a Committee: Identify participants and processes
- Survey Vendors and Trading Partners: Solicit information relevant to each entity
- Monitor and Report: Conduct a routine check-up with each vendor