Retirement plan fiduciaries often rely on their service providers to create the electronic systems used to maintain participant data and conduct electronic transactions involving plan assets—so the Department of Labor is paying special attention to these relationships.
From reputational damage to the downstream effect of more expensive fiduciary liability insurance, advisory firms have a lot to lose from lax cybersecurity practices.
Earlier this year, the agency published a list of 2021 examination priorities that prominently featured issues pertaining to cybersecurity, and now it has sanctioned eight firms for related cybersecurity failures.
The protection provides coverage for the costs of legal services, computer forensic services, public relations and crisis management expenses, and more.
The standards it’s developing provide ‘more explicit guidance’ to decrease cyber fraud.
The guidance, which is the first of its kind, includes best practices and tips for protecting retirement benefits.
The Government Accountability Office calls for more guidance on cybersecurity matters and lists recommendations for the DOL to implement.
‘Credential stuffing’ is a method of cyberattack on client accounts that uses compromised client login credentials, resulting in the possible loss of customer assets and unauthorized disclosure of sensitive personal information.
The unexpected economic downturn caused by COVID-19, along with the rapid shift to remote work, made those businesses with few resources even more vulnerable.
While the GDPR does not directly address U.S. benefit plans, it should be of particular interest to defined contribution plan sponsors and their service providers because they hold personal information for each plan participant.