Being aware of cybersecurity best practices is an ongoing responsibility and not a point-in-time event; however, periodically setting time aside to conduct a holistic review of processes and protocols will help ensure your retirement plan’s security practices are not lacking or stale. If this is already on your plan fiduciary checklist, kudos! If not, this is a great month to start an action plan.
As cybercrimes continue to increase, both in quantity and sophistication, it is imperative that plan fiduciaries understand the safeguards and potential pitfalls their plans and participants may face.
In April 2021, the Employee Benefits Security Administration (EBSA), an agency within the Department of Labor (DOL), issued guidance on cybersecurity in the form of best practices. Links to this guidance can be found in our Top of Mind Considerations for Plan Sponsors on Cybersecurity. The listings of best practices and tips provided by the EBSA are robust; however, how to act upon these suggestions is not clearly defined.
Plan fiduciaries should not go it alone. Work with internal resources and solicit help from outside service providers. Ask vendors with access to participants’ personally identifiable information (PII) for details on their policies for handling this data, their cyber and operational security assessments, audits, and guarantees. Cybersecurity guarantees vary widely across service providers, as do the procedures in place to assist if an incident occurs.
As you ask questions and review materials, clearly document all the steps taken along the way. DOL audits do ask questions related to cybersecurity and the protections in place. Documenting the review process will be beneficial in the event of an audit. And if an actual breach incident were to occur, preparedness will provide peace of mind.
Multnomah Group is a registered investment adviser, registered with the Securities and Exchange Commission. Any information contained herein or on Multnomah Group’s website is provided for educational purposes only and does not intend to make an offer or solicitation for the sale or purchase of any specific securities, investments, or investment strategies. Investments involve risk and, unless otherwise stated, are not guaranteed. Multnomah Group does not provide legal or tax advice. Any views expressed herein are those of the author(s) and not necessarily those of Multnomah Group or Multnomah Group’s clients.