Cybercriminals consider attacks against retirement accounts a lucrative business. That’s why they don’t blink at putting in extra time and effort to invade our hard-earned retirement savings. Experts remind plan sponsors to keep cybersecurity, and the guidance from the Department of Labor, front and center.
When it comes to cyber threats against retirement plans, experts at the National Institute on Retirement Security remind us: “the bad guys are doing their research…. They are very well informed, they are viewing this as a business opportunity. They put in the work and don’t take short cuts, because the opportunities can be so lucrative.” To protect accounts, security advisors point out that it is no longer sufficient, for example, to simply ask participants to confirm personal information like their address or phone number: “Account takeover attempts are becoming more frequent, and that knowledge-based verification, such as asking a client to state their address or phone number, is not as solid as it once was, since fraudsters have access to personal information…. Retirement cybersecurity professionals need secondary controls, such as requiring a personal PIN or account number that would be not publicly available.”
Another essential element of cybersecurity, according to experts, is diligent “coordination between departments such as IT, risk, legal and cybersecurity…to prevent information from being siloed off between them. Regular interdepartmental meetings should be encouraged.” Conducting a comprehensive cybersecurity assessment at least once a year is also advisable, as is bringing in impartial expert reviewers to assess security protocols with fresh eyes. Recent ERISA litigation also makes it particularly important for plan sponsors to be prepared to answer key questions about the cybersecurity protocols of service providers, including, “Are we sure our service providers and their subcontractors adhere to appropriate data security policies and practices?” As Plan Sponsor points out, it’s important, for example, to understand how the employees of third-party administrators are trained:
…Fraudsters will often try to manipulate staff into offering pieces of information that the fraudster lacks, such as by suggesting an answer or appearing sympathetic or forgetful in order to solicit missing pieces of identifying information. It is essential that employees working in customer service be trained to recognize these manipulation tactics, but also be sympathetic to the fact that some clients may be losing their memory or other mental faculties as they age.
Another important action step for plan sponsors is putting a cyber breach response plan in place. Doing so is among the specific cybersecurity actions included in the DOL’s Cybersecurity Guidance. A cyber breach response plan prevents incidents from spiraling into disasters. Plan sponsors across the country can get their response plans in place immediately via Colonial Surety’s affordable Cyber-Fiduciary Liability package, which includes:
- Expert-led response services following a data breach.
- Protection from lawsuits and regulatory actions related to the breach.
- Legal services.
- Computer forensic services.
- Public relations and crisis management expenses.
- Notification services.
- Call Center services.
- Credit and Identity monitoring.
Now available with just a one-year commitment, Colonial’s Cyber-Fiduciary Package also covers defense costs and penalty limits up to $1,000,000, if faced with claims of alleged or actual breaches of duty in connection with the employee retirement plan. Remember, because a cyber breach can quickly spiral into allegations of a fiduciary breach, it’s critical for retirement plan sponsors to have both cyber and fiduciary liability protection. Colonial makes it so efficient and reasonable that you can secure your protection in minutes now.
Even the most diligent plan fiduciary can never fully eliminate the possibility of a cyber breach. Similarly, plan fiduciaries can never fully eliminate the risk of being held personally liable for fiduciary breaches. Why take unnecessary risks? The annual cost of Colonial’s Cyber and Fiduciary Liability coverage is less than the fee for one hour of expert legal defense if a lawsuit or regulatory challenge strikes you and your business. Get covered, in minutes, today.
Pension plan professional? We’re here to help you make sure your plan sponsor clients have the coverage they need—and we’ve got you too. From Errors and Omissions Insurance to Fiduciary Liability Insurance, Employment Practices Liability Insurance, and more, we’re HERE with the coverages pension professionals need to keep the business going—and growing.
Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors — and keep their businesses compliant — with pain-free, efficient, and friendly service every time.