<< Older News  |  September 20, 2021

News

All News > Cybersecurity

DOL Ramps Up Retirement Plan Cybersecurity Investigations
Hall Benefits Law
Aug. 30, 2021

"Reports continue to come in concerning an increasing number of DOL requests made to plan sponsors asking for all cybersecurity and information security program policies, procedures and guidelines that relate to retirement plans, whether applied by the plan sponsor or by a provider, as well as detailed documentation of specific actions taken by the plan's fiduciaries and providers, including many that the DOL addressed in its guidance."

Tags: Cybersecurity  •  Retirement Plan Administration

Developing a Prudent Process for Cybersecurity
Groom Law Group, via PLANSPONSOR; free registration may be required
Aug. 27, 2021

"As the DOL pivots to new areas of enforcement -- such as cybersecurity -- it will be important for plan fiduciaries to consider taking similar steps to help protect participant account balances, plan information technology systems and related information. While nobody could have anticipated in 1974 (when [ERISA] was enacted) that plan fiduciaries would be responsible for cybersecurity, here we are in 2021 with a department that seems to expect human resources (HR) professionals to moonlight as expert hackers."

Tags: Cybersecurity  •  Retirement Plan Administration

Best Practices for ERISA Fiduciary Responsibilities and Cybersecurity for Retirement Plans (PDF)
Mintz, via Thomson Reuters Practical Law
[Guidance Overview]
Aug. 25, 2021

12 pages. "[P]rudent selection and monitoring of plan service providers that may handle PII requires critical due diligence of the third-party service provider's systems, data storage, and encryption security.... When employees work from home, companies may face additional risk from employees who take shortcuts to ease working on personal devices or outside of the organization's regular environment.... The main components of a business resiliency program are a business continuity plan, disaster recovery plan, and incident response plan."

Tags: Cybersecurity

How DOL's Cybersecurity Guidance Impacts Retirement and Health and Welfare Plans
Quarles & Brady LLP
[Guidance Overview]
Aug. 20, 2021

"[T]he DOL did not provide a delayed effective date but considers this guidance enforceable now.... Note that the DOL cybersecurity guidance is very high-level and does not include a lot of detail. That can make it difficult to determine what, exactly, a plan sponsor and a vendor must do."

Tags: Cybersecurity  •  Health Plan Administration  •  Retirement Plan Administration

Cyber Insurance for 401(k) Plans Rises in Cost and Demand
Fred Barstein, via RPA Convergence
Aug. 19, 2021

"[C]overage is now harder to get, and it costs more, largely due to the higher volume of attacks that resulted in higher loss ratios for insurers.... [U]nderwriting is [now] done on an individual basis -- and applicants need to show that they have good cybersecurity practices. That includes having multifactor authentication, data backups in a secondary location that are updated regularly and having the ability to put all critical systems back online within 10 days of an attack[.]"

Tags: Cybersecurity  •  Retirement Plan Administration

Cybersecurity and Related Legal Risks Come Home to ERISA Plans (PDF)
Stradley Ronon, via Society of Financial Service Professionals
Aug. 10, 2021

"Plan sponsors will seek more transparency, whereas service providers may be reluctant to divulge too much on their cybersecurity defenses to guard against inadvertently offering up the keys to the castle. The balance of the two will become market practice. The DOL is ramping up enforcement in this area. Plan sponsors should also gird for class-action lawsuits with allegations of breaches of ERISA's duty of prudence when participant PII or plan asset data is mis-used."

Tags: Cybersecurity  •  Retirement Plan Administration

DOL Cyber Scrutiny Higher for 'Those Running the Systems'
American Retirement Association [ARA]
July 30, 2021

"[According to Tim Hauser, Deputy Assistant Secretary for National Office Operations at EBSA, the] most detailed proscriptive best practices in the recent DOL guidance were aimed at recordkeepers and 'those running the systems' -- and the DOL has higher expectations on cybersecurity practices among those organizations. Costs/risk exposure are a relevant consideration -- the [DOL] would expect quite a bit more of those who have more data, and more exposure."

Tags: Cybersecurity  •  Retirement Plan Administration

Cybersecurity Best Practices for Employer-Sponsored Benefits
Gallagher
July 29, 2021

"Begin with a solid working knowledge of the current cybersecurity threat landscape.... Develop and document a formal cybersecurity program.... How does your service provider selection process investigate an entity's ability to adequately protect data it will create, receive, transmit, or maintain on behalf of your employee benefits program? ... What level of oversight do your service provider agreements allow so that you can ensure the providers' security policy and procedure compliance? ... Train (and retrain) your employees at least annually."

Tags: Cybersecurity  •  Health Plan Administration  •  Retirement Plan Administration

Editor's Pick: DOL Provides Cybersecurity Guidance
Georgetown University Center for Retirement Initiatives
[Guidance Overview]
July 28, 2021

"While it is understandable that plan sponsors, prompted by advisers and attorneys, would want their service providers to provide more and better information, the absence of a basic understanding of cybersecurity could result in requests that could inadvertently create greater risks. Service providers recognize the right of plan sponsors to confirm that their participants' data are protected, but have legitimate concerns that some of the information requested, if it becomes more widely available, could help cybercriminals breach systems, thus undermining that very security."

Tags: Cybersecurity  •  Retirement Plan Administration

Cybersecurity: Another Responsibility for Retirement Plan Sponsors and Fiduciaries
Enterprise Iron
July 27, 2021

"Besides the specter of a DOL enforcement action, this guidance should remind plan sponsors that if a cybersecurity breach ever impacts their plan, they need to be prepared. Class action lawsuits that argue that they chose the wrong service provider or that PII was misused or not protected are possible. Service Providers like recordkeepers, TPAs, and advisors will likely be inundated with requests to divulge the precise details of their cybersecurity and information security practices."

Tags: Cybersecurity  •  Fiduciary Duties  •  Retirement Plan Administration

DOL Plan Audits Updated to Include Several Questions About Compliance with Its Cybersecurity Guidelines
Jackson Lewis P.C.
[Guidance Overview]
July 26, 2021

"The DOL would like to see how plan fiduciaries are communicating with their service providers to assess service provider cybersecurity risk, as well as the documents and other materials from service providers concerning the processing of plan data. Importantly, the DOL is not just looking for cybersecurity related information. The agency apparently wants to know how service providers are permitted to use plan data."

Tags: Cybersecurity  •  Health Plan Administration  •  Retirement Plan Administration

Editor's Pick: Cybersecurity Guidance Welcome, But Unanswered Questions Remain
The Wagner Law Group
[Guidance Overview]
July 26, 2021

"What personal information and/or confidential information must be safeguarded by plan administrators and other plan fiduciaries to comply with ERISA's fiduciary standards? ... For purposes of misappropriation of PPI, is PPI a plan asset under ordinary notions of property rights? Does the resolution of this question affect the application of ERISA Section 404 to protect PPI? ... What losses due to cybersecurity breaches in plans' or the plan service providers' systems are covered by a bond under ERISA Section 412 and implementing regulations?"

Tags: Cybersecurity  •  Retirement Plan Administration

Industry Best Practice: Fraud Controls (PDF)
The SPARK Institute
July 22, 2021

"Plan Sponsors are responsible for the overall security of [retirement plan] accounts. Recordkeepers must implement controls that reasonably protect, detect, and respond to fraudulent activity. Participants must act to use secure login credentials and monitor their accounts.... These controls should be a combination of preventative, detective, and responsive controls. [This] chart is intended to highlight a minimum set of controls that should be considered and set expectations for all parties involved."

Tags: Cybersecurity  •  Retirement Plan Administration

Enhancing Cybersecurity When Employees Work Remotely
Godfrey & Kahn S.C.
July 16, 2021

"[1] Ensure access to dedicated and skilled information technology resources ... [2] Manage the devices accessing your systems ... [3] Require strong passwords and implement multifactor authentication ... [4] Update, test and train employees ... [5] Monitor employee access and activity ... [6] Promptly terminate access ... [7] Develop and maintain an incident response plan ... [8] Implement a telecommuting/telework policy ... [9] Restrictive Covenant Agreements."

Tags: Cybersecurity

DOL Intensifies Cyber Readiness Inquiries Among Retirement Plan Administrators
Debevoise & Plimpton LLP
July 14, 2021

"The increase in DOL inquiries ... [is] surprising in light of the short amount of time that has elapsed since the DOL first published a summary of best practices in this area.... [M]any of the areas addressed by the summary involve fiduciary determinations (as opposed to non-fiduciary areas of plan design and administration), creating an added urgency to address cyber readiness for retirement plans."

Tags: Cybersecurity  •  Plan Audits by Government Agencies  •  Retirement Plan Administration

1 in 3 Employees Has Picked Up Bad Cybersecurity Habits Since Working Remotely
Voya
July 13, 2021

"[Y]ounger employees are most likely to admit they cut cybersecurity corners, with over half (51%) of 16-24 year olds and almost half (46%) of 25-34 year olds reporting they've used security workarounds.... Over one quarter of employees admit they made cybersecurity mistakes -- some of which compromised company security -- while working from home that they say no one will ever know about."

Tags: Cybersecurity  •  Health Plan Administration  •  Retirement Plan Administration

Implementing the 3-2-1 Backup Rule for Your Plan
Euclid Specialty Managers
July 13, 2021

"While [multifactor authentication] is an offensive tactic that safeguards data from hackers with more complex security measures, an efficient backup plan is your first line of defense should they gain access to your data.... The rules of the 3-2-1 backup strategy are straightforward: Consistently maintain 'three' or more distinctive copies of all system data. Retain 'two' copies of your backup data on different devices and separate storage media. Store 'one' backup copy offsite."

Tags: Cybersecurity  •  Health Plan Administration  •  Retirement Plan Administration

Cybersecurity for Plan Fiduciaries: Focus on Account Theft
PLANSPONSOR; free registration may be required
July 6, 2021

"One case can take your participant and you down a rabbit hole that might not have a great ending.... [No] matter how vigilant your plan's recordkeeper is, plan sponsors, plan fiduciaries and plan participants can and should take steps to protect retirement accounts from cyber theft. The recent DOL guidance is designed to outline what those steps might be."

Tags: Cybersecurity  •  Fiduciary Duties  •  Retirement Plan Administration

DOL's Cybersecurity Auditors Have Arrived: Here's the Request for Policies and Documents One Employer Received
Nixon Peabody LLP
[Guidance Overview]
June 24, 2021

"Knowing the information that will likely be sought during an audit can help companies and plan sponsors tailor and revise their cybersecurity compliance plans. Documented cybersecurity compliance efforts can minimize liability in the event of an audit.... [The authors] are already aware of several investigations that the DOL has commenced regarding cybersecurity practices."

Tags: Cybersecurity  •  Plan Audits by Government Agencies  •  Retirement Plan Administration

DOL Ups Its Game on Cybersecurity Program Oversight, Begins Audits
Pillsbury Winthrop Shaw Pittman LLP
[Guidance Overview]
June 24, 2021

"In light of the DOL's cybersecurity audit initiative, employers and fiduciaries should act now to ... [1] Review internal cybersecurity programs ... [2] Analyze service providers' cybersecurity programs and update service contracts ... [3] Review participant messaging around cybersecurity awareness and the importance of monitoring retirement plan accounts."

Tags: Cybersecurity  •  Plan Audits by Government Agencies  •  Retirement Plan Administration

SEC Issues First-Ever Penalties for Deficient Cybersecurity Risk Controls
Holland & Knight
June 23, 2021

"[T]he SEC and NYSDFS are now using their enforcement powers to ensure that companies implement robust cybersecurity risk management systems. With cyberattacks ever present and constantly evolving, it is only a matter of time that a company's cybersecurity risk management efforts and related controls ... will be exposed to regulatory scrutiny."

Tags: Cybersecurity  •  Fiduciary Duties  •  Retirement Plan Investments

DOL Issues Its First Cybersecurity Guidance for Plan Sponsors, Fiduciaries and Service Providers
King & Spalding
[Guidance Overview]
June 22, 2021

"[T]he new guidance more closely aligns the data privacy and security requirements of United States retirement plans with the requirements outside the United States and with general corporate standards. The guidance is based on the central premise that '[r]esponsible plan fiduciaries have an obligation to ensure proper mitigation of cybersecurity risks.' "

Tags: Cybersecurity  •  Retirement Plan Administration

CVS Health Leak Left Log of 1 Billion Searches Exposed Online
FierceHealthcare
June 17, 2021

"The database belonging to the healthcare and retail giant, which was not password protected, was discovered at the end of March by [an] independent cybersecurity researcher ... The data, collected from both CVS Health and CVS.com, represents website visitors logs that shows everything visitors searched for[.] ... 'We immediately investigated and determined that the database, which was hosted by a third party vendor, did not contain any personally identifiable information of our customers, members, or patients,' [a CVS] spokesperson said."

Tags: Cybersecurity  •  HIPAA

COVID-19, Cybersecurity Create New Litigation Risks for Benefit Plan Fiduciaries and Service Providers
PLANSPONSOR; free registration may be required
June 16, 2021

"As offices moved to remote work in 2020, the risk for cyberhacks heavily increased -- as did the possibility that litigation that could follow.... [E]mployers should be wary of potential COVID-19 litigation that involves financial distress from employees due to job loss, cybersecurity management and data privacy, business interruptions or continuities, and relations within the workforce."

Tags: Coronavirus (COVID-19)  •  Cybersecurity  •  Fiduciary Duties  •  Retirement Plan Administration

Individuals and Employers Aren't Following Password Best Practices
PLANSPONSOR; free registration may be required
June 16, 2021

"A survey in which 2,500 Americans were asked about their password behaviors and tendencies found a fifth of employers don't regularly require their employees to change their work program passwords.... [N]early one-quarter of respondents use the same passwords for their home and personal accounts.... [M]ore than half of respondents have admitted to checking their personal emails on work devices, increasing the likelihood of a malicious infection infiltrating a company's networks."

Tags: Cybersecurity  •  Retirement Plan Administration



© 2021 BenefitsLink.com, Inc.