You! Although retirement plan sponsors and third party administrators may think of cybersecurity as a giant and never-ending swamp that would be nice to avoid, experts remind us that our vigilance is really the last line of defense when it comes to protecting plan participants—and their data and savings—from cybercriminals.
Acting on Cybersecurity
Since throwing up our hands in response to the rise in cybercrime is not an option, leaning in on how to improve cybersecurity is a must for both plan sponsors and their third party administers. One obvious must do is having an expert response plan at the ready in the event of a cyber incident. Whether a breach is big or small, it is critical to address it—and analyze why the breach happened. Speaking on an expert panel convened by the American Society for Pension Professionals and Actuaries (ASPPA), Heather Bader, partner at Faeger Drinker Biddle & Reath, advises finding out:
- what happened;
- who failed; and
- what was in place to prevent it.
Bader also pointed out that when policies and protocols are in place but not followed, “that’s a problem,” for plan sponsors and their third party administrators to dig in on. Experts on the ASPPA panel recommended a variety of proactive steps for third party administrators to take toward cybersecurity—and reminded plan sponsors of their obligation to consistently address cybersecurity when selecting and monitoring TPAs. Recommended actions include:
- Stay up to date on software.
- Delineate duties related to cybersecurity.
- Use multifactor authentication.
- Read and understand your cyber policy.
- Have malware scans conducted.
- Make it easy for employees to report suspicious activity.
- Monitor banking activity; Brakefield said that her firm does so on a daily basis.
- Document how you are going to contact clients about a breach.
- Rotate service providers.
Having a cyber breach response plan at the ready can make all the difference in whether or not a cybersecurity incident spirals into a disaster. It’s possible to put a response plan in place today via Colonial Surety’s affordable Cyber-Fiduciary Liability package, which includes:
- Expert-led response services following a data breach.
- Protection from lawsuits and regulatory actions related to the breach.
- Legal services.
- Computer forensic services.
- Public relations and crisis management expenses.
- Notification services.
- Call Center services.
- Credit and Identity monitoring
Now available with just a one year commitment, Colonial’s Cyber-Fiduciary Package, also covers defense costs and penalty limits up to $1,000,000, if faced with claims of alleged or actual breaches of duty in connection with the employee retirement plan. Remember, because a cyber breach can quickly spiral into allegations of a fiduciary breach, it’s critical for retirement plan sponsors to have both cyber and fiduciary liability protection. Colonial makes it so efficient and reasonable that you can secure your protection in minutes now:
Word To The Wise…
“You may be the last line of defense,” is the reminder Genelle Brakefield, Vice President of Ekon Benefits, shares with pension plan professionals. Dave Scott, Deputy Assistant Director of the FBI Cyber Division puts it this way: “Not to put any pressure on you, but it’s up to you to protect those plan participants….” Of course the Department of Labor has much to say on the importance of taking action on cybersecurity too: it’s always wise for plan sponsors and TPA’s to brush up on the DOL’s Cybersecurity Guidance. Recent ERISA litigation points to the necessity of plan sponsors being able to answer questions about the cybersecurity protocols in used by service providers, including, “Are we sure our service providers and their subcontractors adhere to appropriate data security policies and practices?”
Even the most diligent plan sponsor can never fully eliminate the possibility of a cyber breach—or the risk of being held personally liable for fiduciary breaches—like failure to adequately monitor service providers. It’s unwise for anyone with a role in managing retirement accounts to take unnecessary risks. The annual cost of Colonial’s Cyber and Fiduciary Liability coverage is less than the fee for one hour of expert legal defense if a lawsuit or regulatory challenge strikes you and your business. Get covered, in minutes, today:
Pension plan professional? We’re here to help you make sure your plan sponsor clients have the coverage they need—and we’ve got you too. From Errors and Omissions Insurance to Fiduciary Liability Insurance, Employment Practices Liabiity Insurance–and more, we’re HERE with the coverages pension professionals need to keep the business going—and growing.
Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors — and keep their businesses compliant — with pain-free, efficient, and friendly service every time.