What is Cybersecurity?

Cybersecurity consists of all the technologies and practices that keep computer systems and electronic data safe. In a world where more and more of our business and social lives are online, it’s an enormous and growing field. Effective cybersecurity measures are critical to protect against a variety of threats, including malware, phishing attacks, and data breaches. With the increasing sophistication of cybercriminals, TRA continuously updates its security protocols to safeguard sensitive information and maintain trust with customers. This is especially important in retirement plan cybersecurity, where protecting retirement savings and personal data is paramount.

Why Cybersecurity Matters

Cybersecurity is important to you… It’s important to us too.

Your retirement plan contains sensitive information that needs protection. Retirement plan cybersecurity ensures this information is safe from cyber threats, fraud, and identity theft. At TRA, we prioritize robust cybersecurity measures to safeguard your data, ensuring your retirement savings remain secure and allowing you to plan for your future with confidence. We employ advanced encryption, multi-factor authentication, and continuous monitoring to protect against unauthorized access and potential breaches. With our commitment to the highest security standards, you can trust TRA to keep your retirement information secure, in line with cybersecurity guidance for plan sponsors.

 

Our Approach

At TRA, cybersecurity is woven into the fabric of our operations. We follow the Department of Labor’s 12 cybersecurity guidelines for plan sponsors to ensure the highest protection standards. These guidelines include:

  1. Conducting annual risk assessments.
  2. Implementing stringent security controls and policies.
  3. Ensuring access control for sensitive data.
  4. Encrypting data at rest and in transit.
  5. Providing regular cybersecurity training.
  6. Maintaining an incident response plan.
  7. Reviewing third-party security practices.
  8. Utilizing multi-factor authentication.
  9. Updating and patching systems regularly.
  10. Enforcing secure data disposal policies.
  11. Holding cybersecurity insurance.
  12. Complying with all legal and regulatory requirements.


Cybersecurity FAQs

    • What are your processes and systems for dealing with cybersecurity threats and protection of personally identifiable information?

      TRA mitigates threats through employee training on identifying suspicious activity. TRA safeguards personally identifiable information through our two-factor authentication process for users outside of our trusted network. Furthermore, TRA requires mandatory security training for all employees.

    • Are the company's Microsoft-based servers and PCs (in all forms) running the latest operating system, and are these systems regularly updated?

      All of TRA’s Microsoft-based servers and PCs are running currently supported operating systems, which are up to date on security patches and bug fixes.

    • What are the service provider's procedures for notifying the employer of a breach of service provider's system?

      TRA is committed to following all industry standards and legal guidelines for notifying clients affected by a breach within the necessary timeframes.

    • Are there any limitations on the service provider's liability?

      TRA’s liability is limited in accordance with its service contract, applicable law, and provisions of its insurance coverage.

    • Does the service provider have policies on storing personally identifiable information including where it is stored, how long it is stored, and how it is eliminated?

      Yes.

    • How do you validate your procedures and practices, and what levels of security standards have you met and implemented?

      TRA follows and adheres to many industry best practices, such as keeping operating systems and applications up-to-date and patched, two-factor authentication, encryption, secure VPN connections, secure email, internal phishing tests, cybersecurity training, etc. We run and review reports on applicable items to make sure nothing is missed.

    • How is indicative data including social security numbers protected against fraud/theft (both internal and external threats), and what security protocols are in use to guard against fraud/theft?

      We use industry best practices for security such as 2FA remote access, SSL web certificates, encrypted data transfers, encrypted remote connections, and encrypted emails. Our physical server systems are kept in dedicated locked rooms within our facilities which only the appropriate personnel have access to.

    • Are technology systems regularly updated?

      Relius Administration is upgraded twice per year or more. Relius Documents and PensionPro Workflow are subscription-based, and the vendors update them more frequently.

    • Does the company have a privacy and security policy, and does the policy apply to personally identifiable information of retirement plan clients?

      Yes, TRA has a privacy policy which does apply to personally identifiable information.


Consider TRA's 3(16) Fiduciary Services & Plan Administration

To alleviate the day-to-day administrative burdens of your or your clients' retirement plans.