The Department of Labor (DOL) recently provided its first guidance for plan sponsors related to cybersecurity for retirement plans. Cybersecurity of plan and participant data is a critical topic for retirement plan management. Significant amounts of financial and Personal Identifiable Information (PII) are transmitted between plan sponsors and third parties managing their retirement plans. Under ERISA, plan fiduciaries are required to mitigate the risks associated with managing their plans.
The guidance consists of three documents covering the following topics:
- Tips for hiring service providers – Covering information the plan sponsor should review prior to hiring service providers and information that may be included in the service providers’ contract.
- Cybersecurity best practices – Detailed guidance on how to create and monitor a cybersecurity program for plan-related IT systems and data.
- Tips for online security – Basic rules for plan sponsors and participants related to creating and maintaining a high level of security for online passwords and accounts.
Multnomah Group is a registered investment adviser, registered with the Securities and Exchange Commission. Any information contained herein or on Multnomah Group’s website is provided for educational purposes only and does not intend to make an offer or solicitation for the sale or purchase of any specific securities, investments, or investment strategies. Investments involve risk and, unless otherwise stated, are not guaranteed. Multnomah Group does not provide legal or tax advice. Any views expressed herein are those of the author(s) and not necessarily those of Multnomah Group or Multnomah Group’s clients.