Did you read our blog, DOL Issues Cybersecurity Guidance for Employee Benefit Plans? You’ll want to check it out for important guidance released this past spring regarding cybersecurity guidance for plan sponsors, plan fiduciaries, record keepers and plan participants of employee benefit plans. As we celebrate Cybersecurity Awareness Month, here’s a refresher on that guidance.

DOL EBP guidance

Check out our blog for all the details, but essentially the guidance comes in three forms:

  1. Tips for hiring a service provider (for plan sponsors and fiduciaries), including what to ensure in your service provider contract:
    -Awareness of provisions that may limit the service provider’s responsibility for security breaches
    -Intentional inclusion of terms that would increase protection for the Plan and participants
    -Information Security Reporting
  2. Cybersecurity program best practices (for fiduciaries and record-keepers), including:
    -Formal and documented cybersecurity program
    -Annual risk assessments
    -Third-party audit of security controls
  3. Online security tips (for participants and beneficiaries), including:
    -Use multi-factor authentication (text messages or e-mail)
    -Be Wary of free wi-fi

Questions? Contact us.