The Department of Labor Issues Cybersecurity Guidance: What It Means For Your Business Retirement Plan

Retirement plans covered under the Department of Labor’s Employee Retirement Income Security Act of 1974, or ERISA, have assets nearing $9.3 trillion. Those same plans are primarily online, linked to participants’ financial accounts and personal information. Combine this with the 100% rise in ransomware attacks in 2021 compared to 2020, and it’s clear why the DOL has issued cybersecurity guidance. Here’s what you need to know.

Cybersecurity Is Your Fiduciary Responsibility

The fiduciary responsibility to be effective stewards of a business retirement plan has been clearly laid out in ERISA from the beginning. Any of the following personnel are held to its requirements:

  • The plan investment committee
  • Plan trustees
  • Plan administrators

Now the DOL is saying that responsibility extends beyond the passive act of avoiding mismanagement and bad investments into the active realm of protecting data.

How To Use The Guidance

The cybersecurity guidance is a roadmap for actively protecting your employees’ data and finances through a three-pronged approach: cybersecurity program best practices, tips for hiring a service provider with strong cybersecurity practices, and online security tips.

Do not treat the guidelines as advice that can be ignored or implemented as you see fit. To protect yourself from potential lawsuits after a breach, your company should be revisiting its computer policies and cybersecurity practices to meet each point of the guidance.
