The Department of Labor (DOL) recently updated its cybersecurity rules for ERISA-covered plans. These new rules help protect the sensitive information of millions of people with retirement plans. Plan sponsors, administrators, and service providers need to understand and follow these new rules to reduce cybersecurity risks.
Why cybersecurity is important for retirement plans
ERISA-covered plans handle a lot of sensitive data, like the personal and financial information of participants. Cybersecurity threats can put this data at risk, and if it gets stolen, it could lead to identity theft or financial loss. The DOL’s updated rules highlight the need to protect retirement plans from these growing threats.
Guidelines for plan sponsors and fiduciaries
The DOL rules provide important guidelines that plan sponsors and fiduciaries should follow to improve cybersecurity. These practices include creating a strong cybersecurity program, doing regular risk assessments, and monitoring systems continuously. The rules also stress the importance of checking the security practices of service providers before hiring them to make sure they have good protections in place.
Participant education and awareness
Another important part of the updated rules is educating participants. The Department of Labor recommends giving participants advice on how to protect their accounts from cyber threats. This includes using strong passwords, recognizing phishing scams, and reporting suspicious activity. Educating participants helps them take action to keep their retirement savings safe.
Overseeing service providers
The DOL also stresses the importance of making sure service providers follow strong cybersecurity practices. This includes having contract terms that require the provider to use strict data security rules, do yearly audits, and tell the plan about any security breaches. Proper oversight lowers the chances of breaches affecting plan participants.
The DOL’s updated cybersecurity rules give plan sponsors, fiduciaries, and service providers a guide to protect sensitive data. By following these rules, they can improve the security of retirement plan information and reduce the risks of cyber threats.