Question: Cybersecurity will be a big topic for our year-end plan review meeting with our advisor and recordkeeper relationship manager. To help us prepare for that discussion, has there been any guidance issued from the Department of Labor?
Answer: Earlier this year, the U.S. Department of Labor (DOL) released its first-ever guidance for plan sponsors, plan fiduciaries, recordkeepers, and plan participants on best practices for maintaining cybersecurity. In addition, the DOL issued informal guidance noting that “responsible plan fiduciaries have an obligation to ensure proper mitigation of cybersecurity risks.” The guidance comes in three pieces:
- The first piece of guidance offers tips for hiring a service provider with strong cybersecurity practices and monitoring their activities
- The second piece of guidance lays out cybersecurity program best practices to help plan fiduciaries and recordkeepers stay on top of their responsibilities to manage cybersecurity
- Lastly, the DOL issued online security tips aimed at plan participants and beneficiaries who check their retirement accounts
You can access EBSA’s full guidance here.