Department of Labor Issues Cybersecurity Guidance for Fiduciaries
If you’re a business owner or an appointed fiduciary for your company’s retirement plan, it’s important to know that the Department of Labor recently issued guidance that outlines a fiduciary’s responsibility to protect plan participants’ data. This guidance means fiduciaries are responsible for far more than is outlined in the Employee Retirement Income Security Act of 1974, ERISA. You will need coverage for cyber liability employee benefit plans and take steps to mitigate your risk.
The DoL offered 12 best practices for keeping data secure. These include tips like annual risk assessments and cybersecurity awareness training. Many of the steps are related to how retirement account information is stored. You need to make sure you, and any third-parties that provide retirement services:
- Keep data encrypted while stored and while in transit.
- Implement technical controls like intrusion detection, firewalls and antivirus software.
- Define security roles, levels of access and responsibilities.
In addition to following best practices, encourage your employees to follow the DoL security tips. Everyone should use multifactor authentication, but also use good digital hygiene like difficult passwords that are never repeated or written down. With the rise of password vaults, it is easier than ever for users to maintain difficult passwords. Educate them on phishing and the dangers of public wi-fi.
When you keep up with the guidance, your employees are safer and your business is more secure.