Retirement plan experts advise plan sponsors to step up preparedness for cyber attacks. Solutions built on “if” a cyber attack occurs are now less relevant than solutions built on “when”a cyberattack occurs. In other words, it’s best to assume that cybersecurity breaches will occur and put protections and responses in place accordingly.
Responding to Threats
Citing intelligence from Daniel Aronowitz, Managing Principal with Euclid Fiduciary, and David Levine, Principal at the Groom Law Group, the National Association of Plan Advisors explains:
In today’s current environment, it’s not a matter of if, but when, a plan will come under attack, because most benefit plans and service providers now rely on technology to expedite transactions that used to occur only on paper…Moreover, plans have an extensive amount of information and data that malicious actors want, including personal and financial data that is valuable on the dark web… “It’s important to remember that there’s an ecosystem here of how a plan operates and you, as the employer and plan sponsor, have a big role. When we talk about security, it not only relates to your vendors, but it relates to what you do internally with all your personnel,” Levine observed.
According to Aronowitz, the most common cyber attacks are now happening via:
- ransomware that includes extortion demands and holding data for ransom;
- business email compromise, such as social engineering and phishing schemes; and
- wire and retirement fraud involving fake invoice schemes and unauthorized loans and withdrawals.
Experts also point out that even failed cyber attacks, such as the placement of malicious software in the system, can be very disruptive. Figuring out the forensics of what happened and the legalities of who needs to be properly notified can be very costly.
That’s why a best practice that Colonial Surety helps plan sponsor put in place affordably and efficiently is a cyber breach response plan. In fact, Colonial Surety’s Cyber Liability Insurance includes a response effort led by forensic and legal experts. With Colonial’s coverage, upon a breach at your business, experts will identify what’s been comprised and coordinate the response. As needed, call-center support, credit and identity monitoring services and even public relations expertise are provided. Liability protection in the event of covered lawsuits or regulatory actions due to a data breach? Of course, that’s included too. Learn More and Obtain Cyber Liability Insurance Here.
Electronic Delivery and Email Compromises
Now that the Department of Labor (DOL) allows electronic delivery as a default for communications about the retirement plan, it’s even more important to be mindful of how emails can cause major cybersecurity breaches. For example, if an email account becomes compromised, a criminal could send a message that appears to be from a trusted contact and make what seems to be a legitimate request for personally identifiable information or fund distribution. Essentially, if a business or personal email becomes compromised, a lot of other protections can be wiped out in an instant.
As the tactics of cybercriminals evolve, so to do the regulatory expectations for plan sponsors. Consider, for example, the “guidance” issued by the Department of Labor (DOL) in 2021. Experts explain: “The DOL issued its first formal cybersecurity guidance for plan sponsors in the form of best practices, including in handling plan service providers. While that guidance is not necessarily binding, the DOL is going to treat it like it is…” In fact, a cyber breach can even result in costly allegations of an ERISA fiduciary breach: any individual involved in the management of a retirement plan of any size can face personal exposure because of the high duty of care associated with protecting the retirement assets of employees. Don’t go it alone. At Colonial Surety, you can affordably obtain fiduciary liability insurance and cyber liability coverage along with your required ERISA bond. We even lock in multi-year rates and offer installation payments. For the best value and protection Choose Your Package Now.
Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. With a Trustscore of 4.8, we help safeguard plan sponsors, pension professionals and financial advisors — and keep their businesses compliant — with pain-free, efficient, and friendly service every time.