Retirement plan sponsors must know what their service providers are doing toward cybersecurity. They must also put best practices in place in their businesses—and ensure that plan participants are following appropriate online security procedures. Here’s a refresh on the Department of Labor’s 3-prong cybersecurity strategy.
Number One: What’s Your TPA Doing?
The Department of Labor’s Cybersecurity Guidance explicitly directs plan sponsors to monitor the cybersecurity protocols of all service providers. Retirement plan sponsors face particular risks related to service provider cybersecurity breaches: failures can result in allegations of fiduciary breaches. Be sure to follow the Department of Labor’s Tips for Hiring a Service Provider with Strong Cybersecurity Practices. For further support implementing DOL procedures visit Spark Institute.
Even the most diligent retirement plan sponsor can never fully eliminate the likelihood that third party administrators will have cyber failings—and that means plan sponsors can never fully eliminate their own risk of allegations related to fiduciary failures. Why take chances? The annual cost of Colonial’s Cyber and Fiduciary Liability Package is less than the fee for one hour of expert legal defense if a lawsuit or regulatory challenge strikes. Cover yourself and the business you built in minutes today:
Number Two: What Are You Doing?
The legal experts at JD Supra urge retirement plan sponsors to adhere to the Department of Labor’s Cybersecurity Program Best Practices, which provides fiduciaries with protocols “for implementing and maintaining a cybersecurity program and guidance for plan fiduciaries seeking to ensure they make prudent decisions….” Among the specific protocols the DOL prescribes putting in place is a solid cyber breach response plan designed to prevent a cybersecurity incident from spiraling into a disaster. Across the country, plan sponsors and their third party administrators are getting expert response plans in place quickly and efficiently, via Colonial Surety’s affordable Cyber-Fiduciary Liability package, which includes:
- Expert-led response services following a data breach.
- Protection from lawsuits and regulatory actions related to the breach.
- Legal services.
- Computer forensic services.
- Public relations and crisis management expenses.
- Notification services.
- Call Center services.
- Credit and Identity monitoring
Now available with just a one year commitment, Colonial’s Cyber-Fiduciary Package also covers defense costs and penalty limits up to $1,000,000, if faced with claims of alleged or actual breaches of duty in connection with the employee retirement plan. Colonial makes it so efficient and reasonable that protection can be secured in minutes, now: Cyber and Fiduciary Liability Insurance Here.
Number Three: What Are Your Participants Doing?
Poor password hygiene, use of unsecured networks and other innocent mistakes routinely leave retirement plan participant information and funds exposed. That’s why the Department of Labor expects plan sponsors to ensure Online Security Tips are consistently communicated to all plan participants. Remember too, that though participants and service providers have a role in “reducing the risk of fraud and loss to retirement accounts,” plan sponsors retain the fiduciary obligation of protecting the funds— a risk that can never be fully eliminated. As ERISA law experts sum up:
It is clear that the DOL perceives cybersecurity issues as a significant threat to retirement plan benefits and seeks to ensure that plan sponsors, plan fiduciaries, and record-keepers are taking appropriate steps to address these issues. The DOL has begun to request fairly detailed cybersecurity information from employers whose retirement plans are under DOL audit. Employers should consider reviewing the DOL cybersecurity guidance to determine what changes, if any, they need to make to their current cybersecurity programs. Employers also should consider reviewing their current service provider agreements to discern whether they adequately address the issues identified in the DOL guidance. Finally, employers should consider sharing the DOL’s Online Security Tips with retirement plan participants.
Affordable Plan Sponsor Protection Here: Cyber and Fiduciary Liability Insurance
Good To Do
Recognizing the challenges plan sponsors face in monitoring the cybersecurity protocols of service providers, the Spark Institute helpfully provides “sample controls” which arm plan sponsors with a tangible way to communicate with service providers about their cybersecurity practices. Check out the 17 Sample Controls right here.
Pension plan professional? Colonial can help you make sure your plan sponsor clients have the coverage they need—and we’ve got you too. From Errors and Omissions Insurance to Fiduciary Liability Insurance, Employment Practices Liabiity Insurance–and more, we’re HERE with the coverages pension professionals need to keep the business going—and growing.
Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors — and keep their businesses compliant — with pain-free, efficient, and friendly service every time.