DOL Issues Cybersecurity Guidance for Retirement Plans

  • Blog, Employee Benefit Plans / 401(k)

On April 14, the Department of Labor (DOL) outlined a range of practices for combatting the growing threat of cybercrime to ERISA-covered retirement plans. This first-ever cybersecurity guidance issued by the DOL’s Employee Benefits Security Administration (EBSA) casts a wide net, addressing key issues affecting plan sponsors, fiduciaries and record keepers, as well as plan participants and beneficiaries.

The DOL estimates that defined contribution and defined benefit retirement plans hold a combined $9.3 trillion in assets. These plans also store vast amounts of vital personal information online—information that could put participants and their assets at risk if a plan’s online systems were breached. In issuing this guidance, the DOL acknowledges the imminent risk posed by acts of cybercrime as well as the obligation of responsible plan fiduciaries, as set forth by ERISA, to help mitigate these risks.

Three Types of Guidance Issued

The DOL’s guidance is presented in three separate documents, each targeting a different audience. These best practices and tips are offered as recommendations for safeguarding the assets and personal information of plan participants while helping to reduce the risk of fraud and loss.

Tips for Hiring a Service Provider

This document aims to help plan sponsors and fiduciaries meet their responsibilities under ERISA to prudently select and monitor service providers that follow strong cybersecurity practices. Specific recommendations include scrutinizing the service provider’s information security standards, practices, policies, and audit results; evaluating its track record in the industry, including whether the provider has experienced any past security breaches and how it responded; inquiring about any potential insurance policies the service provider may hold that cover cybersecurity breaches; and reviewing contracts to ensure that they include provisions for compliance with cybersecurity and information security standards.

Cybersecurity Program Best Practices

This document offers 12 best practices that address the needs of record keepers and other service providers responsible for managing plan-related IT systems and data, as well as the needs of plan fiduciaries who are responsible for hiring such vendors. The recommended practices include having a formal, well-documented cybersecurity program; conducting annual risk assessments; holding periodic cybersecurity awareness training sessions; and implementing and maintaining strong technical controls in keeping with industry best practices.

Online Security Tips

While this tip sheet targets plan participants and beneficiaries, the information is also important for plan sponsors to know and potentially integrate into employee education programs focused on online safety. These tips include encouraging users to regularly monitor their accounts online; creating strong passwords; using multi-factor authentication; being aware of (and knowing the signs of) phishing attacks; and keeping antivirus applications and all system software up to date.

Building on Past DOL Guidance

Although the DOL noted that this guidance was an important “first step” in safeguarding retirement benefits and personal information, it also builds on earlier EBSA guidance that addressed electronic recordkeeping systems and controls for protecting the personal information of plan participants. In this way, the current guidance may serve as a call to action to plan sponsors, fiduciaries and participants to review and update any established cybersecurity practices and protocols or to create a cybersecurity program using these recommendations.

Insight:

Keep Strengthening Your Controls

While there is no way to eliminate the risk of cybercrime entirely, plan sponsors who understand and take steps to incorporate the DOL’s guidance into their cybersecurity protocols will be on a more solid path to safeguarding their plan assets and participants’ vital information.

The DOL guidance should be viewed as guidance or recommendations rather than a set of minimum requirements or as regulations. These recommendations underscore the importance of constantly evaluating, testing, and improving your cybersecurity protocols amid a rapidly evolving threat landscape.

Your representative can help you assess your current cyber risk profile.

Copyright © 2021 BDO USA, LLP. All rights reserved. www.bdo.com