DOL Cybersecurity Tips

In this age of relying heavily on technology, it is vital to take the necessary cybersecurity precautions. You want to make sure all sensitive information is highly protected. This document showcases some tips and tricks for plan sponsors.

Topics include: Security Standards, Establishing a Formal Cybersecurity Program, Using Multi-Factor Authentication, Cybersecurity Insurance, and much more.


Per the DOL, plan sponsors should ask the service provider about the following:

•       Security Standards

•       Security Practices

•       Security Policies

•       Audit Results

•       Security Validation Process

•       Security Levels Implemented

•       Past Security Breaches

•       Cybersecurity Insurance

•       Cybersecurity Guarantee

 

Per the DOL, plan sponsors should consider the following actions:

•       Establish a formal Cybersecurity Program

•       Conduct annual risk assessments

•       Hire a third party to audit security controls

•       Define and assign information security roles and responsibilities

•       Establish strong access-control procedures

•       If data is stored in the cloud or with a third party, conduct security reviews

•       Conduct cybersecurity awareness training

•       Implement a secure system development lifecycle

•       Create an effective business resiliency program

•       Encrypt sensitive data

•       Respond to cybersecurity events

Per the DOL, plan participants should consider the following actions:

•       Register your account

•       Regularly monitor your account

•       Use strong and unique passwords

•       Use multi-factor authentication

•       Keep personal contact information current

•       Close or delete unused accounts

•       Do not use free Wi-Fi

•       Beware of phishing attacks

•       Do not store login information in your email account

•       Use up-to-date anti-virus software

•       Report identity theft to your employer and the record-keeper

If you are concerned about the status of your cybersecurity as a sponsor, or would like more tips to implement with your plan participants, please reach out to a KerberRose Trusted Advisor. Our team of experienced fiduciaries and technology experts is more than happy to help.