5 Ways plan sponsors can boost cybersecurity with retirement planning


Retirement plans hold millions of dollars in participant funds, and plan operational platforms maintain highly sensitive participant information, creating a situation ripe with the risk of identity theft. With this in mind, retirement plans become a focused target for cyber-criminals and cyberattacks. Plan sponsors have a fiduciary obligation to ensure that the plan has proper mitigation of cybersecurity risks and that the participants' retirement money and data are secure.

To help plan sponsors mitigate cybersecurity risk, the U.S. Department of Labor (DOL) has recently announced new guidance on best practices for maintaining cybersecurity, including tips on how to protect the retirement benefits of U.S. workers. The guidance is directed not only at plan sponsors, but also at plan fiduciaries, plan participants and beneficiaries.

While this notice from the DOL is currently only guidance, and the DOL is currently not taking any enforcement action, it is still important for plan sponsors to be mindful and practice good cybersecurity behaviors. Here are five tips plan sponsors can keep top of mind as they determine if their current cybersecurity practices need improvement.

1. Familiarize yourself with DOL guidance

The DOL guidance was developed to help plan sponsors protect themselves against any possible risk of a cyber theft. Familiarizing yourself with the guidance can help to keep your data and the participants' information secure in the long run, and can keep you informed on the threats and warning signs of cyberattacks.

2. Analyze current policies, then make a plan

After taking the time to understand the guidance provided, a plan sponsor should also identify what current policies they have in place, if any at all, and understand what can be changed to increase cybersecurity. This process can help you determine what needs to be addressed within your organization to minimize risk.

Next, you should make a plan to address these issues. Whether that means installing a cybersecurity platform, actively monitoring online activities, conducting regular risk assessments, or more, there should be a plan prepared and documented to help respond to any and every potential threat in relation to the retirement plan.

3. Review your service providers

With cyber threats on the rise, it has never been more important for an organization to understand the cybersecurity processes that its service providers have in place as well. This is because a hole in a service provider's system could eventually lead to a gap in your security too.

Take the time to connect with your service providers to understand if they are also taking the necessary precautions or have a platform they are using to protect themselves against cyber criminals. A lack of cybersecurity on their end may be a red flag and should cause you to ask questions about it.

4. Gather and organize all related documents

Plan sponsors should be taking initiative when it comes to gathering and maintaining all related documents in one location. This enhanced organizational process can help a plan sponsor to ensure that they're monitoring and securing all important documents in one place, including data and participants' sensitive information, ensuring security for all.

5. Take it seriously

It is no secret that cyber criminals are strengthening their tactics, causing businesses and their employees to fear a potential breach in cybersecurity. You should be taking this guidance and topic seriously, as important information is on the line.

The DOL has determined this to be an enhanced threat and will likely be rolling out more formal audits over time. Not only should you be prepared for these audits, but as plan sponsors you should always be acting as prudent fiduciaries of your participants' retirement assets and personal data.

Don't let your guard down

Cyber threats come in all shapes and sizes, and with an interconnected company comes additional risk. Organizations should have a well-documented cybersecurity program that protects their data and their participants' personal information, addressing any past risks and current threats, with a detailed plan in place to assess the security of their systems and practices.

As you continue to work with service providers for retirement planning, review and inquire about their cybersecurity programs as well. This extra step can ultimately lead to your organization's protection in the long term.

This article was written by Todd Klabe from BenefitsPro and was legally licensed through the Industry Dive publisher network. Please direct all licensing questions to legal@industrydive.com.


Learn how Voya is aligned with the Department of Labor’s cybersecurity best practices.


Securing client data through cybersecurity and fraud prevention

Voya is committed to safeguarding the integrity and confidentiality of your plan from the risk of fraud, cyber threats and unauthorized activity. As part of this effort, we have established the Voya S.A.F.E.® (Secure Accounts for Everyone) Guarantee. If any assets are taken from an employee’s workplace retirement plan account due to unauthorized activity and through no fault of their own, we will restore the value of the account, subject to a few key steps being satisfied. At Voya, we take the issue of fraud and cyber risk seriously, and we’re focused on doing our part to maintain your trust and confidence.

As we navigate new workplace norms in these precarious times, we are certain that we stand together in our commitment to customer security.
