The federal Cybersecurity and Infrastructure Security Agency, (CISA), reminds us that it’s time to take four steps to better protect our businesses. Of course it is especially critical for retirement plan sponsors to guard against the impact of cyber breaches to both the plan and the business. Here’s the latest advice from experts.
Four Steps For Businesses
CISA is encouraging all businesses to reduce the risk of cyber threats by attending to basic security measures. As the “operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience,” CISA leads
“the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure,” and urges all businesses to take a proactive approach, pointing out:
Your business is digitally connected—to employees, vendors and customers. Your systems store sensitive information. Sensitive business information and customers’ and employees’ personal data could be at risk from online threats. No business is too small to be a target for online crime—the fact is, small businesses are much more likely to be targeted by cybercriminals than larger companies…..A majority of small and medium-sized businesses who suffer a cyberattack often close as a result? It’s hard to recover financially from a cyber-attack. This doesn’t have to happen to you!….Businesses that don’t take basic precautions are at risk…..Make it harder for malicious actors to access your data or trick an employee into allowing access to your systems.
Indeed, by taking basic actions, all businesses can significantly reduce the risks and damages associated with cyber breaches. Specifically, CISA advices all businesses to take these four steps:
Harmful links or attachments could provide unauthorized access to information or infect your network with malicious code. This can result in data being held for ransom.
This is one of the easiest ways to protect your business from criminals who might otherwise access your accounts by guessing or automating hacking programs.
Using more than a password to access an account—such as a texted code, authenticator app, fingerprint or access card—makes an account safer than a password alone!
Flaws give criminals an opening. Programmers publish patches, but you must install them to get their protection. Smaller businesses are often running outdated software because they don’t have full-time IT staff keeping up.
Additional Actions for Retirement Plan Sponsors
Providing a company sponsored retirement plan is an increasingly critical benefit–and one that requires extra vigilance related to cybersecurity. Leaders at the Department of Labor (DOL) remind us: “It seems like not a day goes by where we’re hearing about a different breach… but it’s a continuing struggle….”Cybersecurity experts point out that it’s best for businesses to be prepared for breaches, because it’s no longer a matter of “if” incidents will occur, but when. For plan sponsors, cybersecurity takes on heightened importance since even a relatively minor incident can rapidly spiral into a fiduciary breach.
Stay up to speed on the Department of Labor’s Cybersecurity Guidance, which explicitly directs plan sponsors to monitor the cybersecurity protocols of all service providers, put response plans in place and implement best practices. Small and midsize businesses that lack the capabilities of larger companies may find CISA’s associated resources especially helpful. Experts further advise plan sponsors to create “a rolling calendar via which important topics like cybersecurity and participant data are regularly brought up for internal discussion among key stakeholders including HR, finance, legal, IT and communications.”
Colonial Surety is here to help business owners and plan sponsors too. Toward preventing cyber incidents from spiraling into fiduciary challenges, we even include a cyber breach response plan in our affordable Cyber+Fiduciary Liability Insurance package. Along with defense costs and penalty limits up to $1,000,000, our liability insurance package for plan sponsors includes:
- Expert-led response services following a data breach.
- Protection from lawsuits and regulatory actions related to the breach.
- Legal services.
- Computer forensic services.
- Public relations and crisis management expenses.
- Notification services.
- Call Center services.
- Credit and Identity monitoring
Protect yourself, your business and the plan, efficiently and affordably today:
Under the high standards of ERISA law, plan sponsors are fiduciaries and can be held personally liable for errors–even when services are outsourced. Regulatory audits, lawsuits, cybersecurity incidents or the mere allegation of a fiduciary breach turn out to be extremely costly and disruptive to business owners. With Colonial on your side, a few dollars a day ensures defense costs and penalty limits up to $1,000,000 if faced with alleged or actual breaches of duty in connection with the employee retirement plan. Colonial’s efficient and affordable fiduciary+cyber liability package is right here for you:
Pension Plan Professional?
Let Colonial help you make sure your plan sponsor clients have the coverage they need. Of course we have got you covered too! From Errors and Omissions Insurance to Fiduciary Liability Insurance, Employment Practices Liability Insurance–and more, we’re HERE with the coverages pension professionals need to keep the business going—and growing.
Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors — and keep their businesses compliant — with pain-free, efficient, and friendly service every time.