Pop quiz: exactly where in the world is your retirement plan data? Who is it available to—and how do they secure it? Experts stress drilling down on these questions with plan administrators and record keepers as part of your cybersecurity diligence.
Use a CIA Framework
When it comes to your retirement plan data, always be thinking about Confidentiality, Integrity and Availability (CIA), advised experts at the recent Plan Sponsor National Conference. Keep this framework front and center in work with plan administrators, record keepers—and really, anyone who has a role related to the management of your retirement plan. As a fiduciary, it’s your responsibility to consistently question and know how both the money and data in your retirement plan are accessed and protected.
Brett Shofner, president of Work Plan Retire, emphasizes:
The plan sponsor has to be specific and drill down on things, like making the recordkeeper answer if they are using other third parties in outside countries, and do they forbid the sale or distribution of that data? Ask them about the standards that they have. Study the service agreement and understand what they are promising to do and hold them to it.
We are realizing that a lot of plan sponsors are not asking these questions…. In a court of law, one could argue that this is not a prudent position to be in. Asking about their insurance agreements, their standards and their handling of data is critical.
Another Question: What If There Is a Breach?
It’s also important to be covered should there be a breach involving your retirement plan data. Secure a unique, full-service coverage solution from Colonial Surety Company. Select an affordable package and obtain:
- The ERISA bond required to protect the assets of the retirement plan from theft;
- Cyber Liability coverage to safeguard your company and plan from covered losses and expenses in the event of a cyber breach; and,
- Fiduciary Liability coverage to protect you and your assets from personal liability.
In the event of a retirement plan data breach, plan sponsors with Colonial’s Cyber Liability coverage receive:
- Breach resolution and mitigation services
- Computer expert services
- Legal services
- Public relations and crisis management expenses
- Customer notification and call center services.
It Is Always Worth Asking
Guidance at the Plan Sponsor National Conference included the importance of checking with “Tier 1” vendors—those who handle personally identifiable information of plan participants—every six months, and with “Tier 2” vendors annually. During those conversations, don’t be shy about asking plenty of questions—and documenting the responses, so there is a record of what each vendor told you and when. Here are some examples of questions to ask:
- Who owns the data?
- Who is the data shared with?
- Who accesses the data?
- Who runs the “tabletop exercise”? (A tabletop exercise is a walk-through of a security-incident scenario, such as a breach of participant data, in which the people who would actually respond talk through what they would do.)
- How often are tabletop exercises done, and are the findings acted on?
It’s also worth asking yourself, as a plan sponsor, if you have the coverage you need!
Let Colonial Surety Company provide you with user-friendly, digital and direct service.
When you choose your ERISA bond package with Cyber Liability coverage, you can even include Fiduciary Liability insurance to protect yourself, as the plan sponsor, against covered claims. Colonial’s comprehensive ERISA bond packages offer up to $1,000,000 of fiduciary liability insurance coverage and provide the greatest protection and overall cost savings.
A leader in the field, Colonial Surety Company is U.S. Treasury listed, rated “A (Excellent)” by A.M. Best Company, and licensed for business everywhere in the USA.