Computer Business World News

DOL Issues Guidance on Retirement Plan Cybersecurity Best Practices


The Department of Labor (the “DOL”) released guidance on April 14, 2021, regarding cybersecurity and data privacy best practices for retirement plan providers and participants. Nearly $10 trillion is held in retirement plans, making them a rich target for hackers and bad actors. Retirement plan administration often requires multiple parties to disclose and protect sensitive or personally identifiable information (“PII”), which means that plan sponsors and providers should establish security standards if they have not already.

Participants trust their providers and sponsors to store their PII, and as a result, all parties have a role to play in protecting against a breach of that personal information. The DOL’s guidance provides best practices and tips for all three groups to help them learn how to avoid a breach of retirement plans.

Specifically, the DOL issued guidance covering:

  1. Cybersecurity program best practices for plan service providers,
  2. Tips for plan sponsors to hire service providers with strong cybersecurity practices, and
  3. Online security tips directed at plan participants to safeguard their accounts.

For providers, the DOL advises creating a formal, documented cybersecurity program to protect information systems and the information itself from unauthorized access. There should be clearly defined security roles and responsibilities and strong access control procedures. Sensitive information and data should be encrypted when stored or in transit, and strong technical controls should be in place overall. Service providers should undertake risk assessments and third-party audits of security controls. Service providers should also work only with well-vetted third parties that are themselves subject to appropriate security reviews or assessments.

When hiring such plan service providers, the DOL advises plan sponsors to perform a reasonable amount of due diligence on whether the provider follows strong cybersecurity practices. A plan sponsor should look for providers who have standards, practices, policies, and audit results, as well as an articulated plan for how they validate these practices. Sponsors are obligated to protect the data of their participants, and as such, sponsors should prioritize partnering with providers who have well-documented track records, especially if they have experienced a security breach in the past. Sponsors should also ensure that contracts with providers specifically require ongoing compliance with information security standards and procedures, such as information security audits, restrictions on use or sharing of information, notification of security incidents or breaches, compliance with applicable privacy and data security laws or regulations, and maintenance of ongoing cyber liability insurance coverage.

Finally, the DOL encourages plan participants to be smart about their online security, providing basic tips: frequently monitor their accounts, use unique passwords and multi-factor identification, avoid free Wi-Fi, beware of phishing attacks, and update contact information when necessary. The DOL also encourages participants to know when and how to report identity theft and cybersecurity incidents.

While these practices are especially relevant within the retirement plan industry, they are generally applicable across all businesses and industries. A well-rounded information security program to protect confidential or personally identifiable information is a best practice for all businesses (and a legal requirement for some).


