Even if you are a small plan advisor, you have to realize that cyber attackers are always attempting to breach your systems and steal your data. It may not be what you expected when you started giving retirement plan advice, but cybersecurity and breach prevention are a big part of an investment advisor’s duties these days. So how can you as an advisor help to make your plan as secure as possible?
The main thing investment advisors have to do is to create a sound cybersecurity process. The first action you have to take within your process is to establish an inventory of exactly what data you are storing. Look at what it is and where it is kept. Then you need to look at the controls you have on that data. Once you have determined what kind of data you are storing, where it is stored, and what controls you have on that data, you have to look at how you are currently monitoring whether the data has been breached or even accessed at all. In short, you have to know what data you have, where it is stored, and who has accessed it. Without this information, you cannot effectively monitor data breaches and prevent future ones.
You also have to be aware of applicable laws determining obligations to disclose data breaches. These can vary by state and also be determined by contractual terms or company policy. Then you have to determine how you will mitigate and remedy breaches should they occur. Even large companies like Sony and Equifax have been hacked. If a cyber attacker wants to, they can probably hack your company or plan too.
How can I mitigate and contain data breaches? Cyber liability insurance!
Colonial’s cyber insurance provides a services-based solution to help plan sponsors manage data breaches successfully. These services include a dedicated team of cyber breach professionals who assist plan sponsors at every stage of incident investigation and breach response. These professionals coordinate carefully vetted forensics experts and specialized lawyers to help plan sponsors establish what has been compromised, assess plan sponsor responsibility, and notify the individuals affected. In addition, these services coordinate credit or identity monitoring and PR advice to help the plan sponsor safeguard its reputation. Of course, Colonial’s cyber insurance also indemnifies and defends plan sponsors from covered lawsuits or regulatory actions, the risk of which may be reduced by a well-coordinated breach response, but can never be completely eliminated.
Ongoing governance and evaluation of recordkeepers can help protect data, but the only way to fully protect against a data breach resulting from a cyber attack is to purchase cyber liability insurance from Colonial Surety Company.