Recent guidance provided by the Department of Labor serves as a convenient roadmap for evaluating the cybersecurity practices of current your service provider, or as a checklist when seeking a new retirement plan partner.
The pandemic changed many people's daily behaviors — including hackers. Though bank accounts have long been a popular target for cyber criminals, they're now turning their attention to new types of financial accounts, including your company's retirement plan.
That's why the U.S. Department of Labor (DOL) unveiled new cybersecurity guidance for plan sponsors, fiduciaries, record-keepers and plan participants earlier this year.
In a recent webinar, ADP Global Chief Security Officer Dave Martin offered four tips for plan sponsors to think through the DOL's guidance and be prepared for future cybersecurity threats.
Document what's already in place. Take the time to capture in detail your company's current cybersecurity and information security program policies, procedures and guidelines related to your retirement plan. Use this information to:
- Identify gaps that put your plan at risk and develop a plan to address them sooner rather than later
- Conduct regular reviews of the security protocols you've documented and conduct regular reviews to make sure they're rigorous enough for the latest threats
- Define roles and responsibilities for implementing internal policies and procedures
Keep detailed records moving forward. Document in writing the specific actions taken by your plan's fiduciaries and providers throughout the plan year, including those in response to the DOL's guidance.
Stay on top of general security processes. Conduct regular reviews of your company's overarching cybersecurity programs and policies, not just those related to your retirement plan. Confirm that they're being followed by all employees and vendors, and that they're sufficient to withstand emerging threats.
Share your knowledge. Involve your employees in the cybersecurity process. Let them know what's being done and why, and implement ongoing training on best practices for protecting personal as well as organizational data.
More about the DOL guidance
For plan sponsors, the recent guidance provided by the DOL serves as a convenient roadmap for evaluating the cybersecurity practices of your current service provider, or as a checklist when seeking a new retirement plan partner.
Ask questions like these to make sure they're 100% committed to cybersecurity:
- Is there a well-documented cybersecurity plan in place?
- Do they conduct annual risk assessments?
- How do they ensure that data managed by third-party providers is subject to the appropriate reviews and assessments?
- Is data secured while stored as well as in transit?
- Do they conduct regular cybersecurity awareness training?
- How have they responded to past cybersecurity incidents? What was the outcome?
Protection from the partner you trust
When it comes to cybersecurity for your retirement plan data, we know what's on plan sponsors' minds — because it's on our minds, too.
From fighting fraud and real-time threats to protecting privacy and planning for business resilience, ADP is one of just a few Fortune 500 companies to have a true, global converged security program. We're committed to protecting the confidentiality, integrity and availability of our infrastructure and services by managing the risks and threats we face using the best controls available.
We focus on what's happening next, so you can stay focused on your business.
Register for and launch this webcast anytime: Protection You Need From The Partner You Trust
Unless otherwise disclosed or agreed to in writing with a client, ADP, Inc. and its affiliates (ADP) do not endorse or recommend specific investment companies or products, financial advisors or service providers; engage or compensate any financial advisors to provide advice to plans or participants; offer financial, investment, tax or legal advice or management services; or serve in a fiduciary capacity with respect to retirement plans. ADPRS20210823-2392
Subscribe to SPARK updatesSign up