
COLLECTED WISDOM™ on Cybersecurity Risks and Liabilities

This is a collection of articles, papers, and commentaries on cybersecurity risks and liabilities for employers, retirement plan sponsors and fiduciaries.

This archive contains not only the most current material on the topic, but also older items that are still relevant, provide background, perspective or are germane to the topic.

If you find a broken link or an item that you feel is outdated, irrelevant or no longer appropriate, please let us know.


Cybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know -- and Do

Abstract: The loss of employee personal information due to a cyber breach is an ever-increasing concern to all employers. No organization or industry is immune from cyber threats, including benefit plan sponsors and plan service providers. This article analyzes cybersecurity issues for retirement plans.

Source: Poynerspruill.com, October 2017

Five Cybersecurity Best Practices

Abstract: Regulators want to ensure advisors safeguard client and business information online. Implement these best practices to reduce the risk of your data being compromised.

Source: Morningstar.com, September 2017

Retirement Plans at Risk for Identity Theft

Abstract: While many cyber threats have special names, your retirement plan's data may be most at risk from common things employees do every day that put themselves at risk for identity theft. It is those common things, such as discarding paperwork with personal information, postings on various websites and other information that can be available in the public domain, that identity thieves may use to gain access to an individual employee's retirement plan account. Retirement plan accounts have been stolen by identity theft in several incidents.

Source: Winstead.com, September 2017

401k Cybercrime: Key to Keeping a Plan Safe Is Not Delegating Fiduciary Responsibilities

Abstract: Some employers delegate the two fiduciary roles that approve cash disbursements (from their 401k plan) to their provider. In the author's view, this outsourcing of fiduciary authority makes a 401k plan more vulnerable to cybertheft.

Source: Employeefiduciary.com, September 2017

Cybersecurity Must Be C-Suite Concern at RIAs, Brokers and Managers

Abstract: Cybersecurity attorney and former SEC staffer Marlon Paz suggests it is absolutely essential for advisory firms to have a senior executive "not just appointed but also empowered" as the chief information security risk officer.

Source: Planadviser.com, September 2017

Cybersecurity More Than an Individual Concern

Abstract: Cybersecurity is a special concern for the financial industry, a lawyer who handles cybersecurity cases said recently. But its importance goes well beyond the integrity of clients' and plan participants' sensitive information; it pervades inter-corporate business functions as well.

Source: Ntsa-net.org, September 2017

Cybersecurity and Online Privacy Issues for Employee Benefit Plans

Abstract: When most plan participants think about security involving their retirement plan, they are typically thinking along the lines of financial security and how their investments perform. However, like other financial institutions, retirement accounts are subject to cyber threats that could threaten users' privacy and other account information.

Source: Bsllp.com, August 2017

How to Guard Benefits Plans From Cyberattacks

Abstract: Cyberattacks -- including incidents of ransomware -- are making headlines almost daily. Because employee health and retirement plans are often top targets, HR professionals should take precautions to defend against these assaults, especially since breaches can also result in penalties and fines.

Source: Shrm.org, August 2017

Three Tips for Better 401k Plan Cybersecurity

Abstract: With trillions of dollars in assets to safeguard, the retirement services industry is now intensely focused on the issue of cybersecurity. This article provides three tips retirement plan participants can use to protect their retirement savings.

Source: 401kspecialistmag.com, July 2017

Is Cybersecurity a Fiduciary Duty?

Abstract: Fiduciary duties and functions have been discussed over the last few years. But a recent blog entry suggests that cybersecurity should be added to them.

Source: Asppa.org, July 2017

Cybersecurity: Are Public Defined Contribution Plans at Risk?

Abstract: Given the continuing need for plans to adopt ever-greater levels of technology for administrative efficiency, the risk of inadvertent disclosure of personal information is escalating. Regardless of the investment made in protecting systems and data transmissions, plans remain vulnerable to human error and malicious or criminal actions.

Source: Nagdca.org, June 2017

Fiduciary Obligations to Safeguard Plan Participants' Data

Abstract: There have been numerous instances of high-profile cybercrime cases over the past couple of years spurring lively discussions in the ERISA community about the potential threat this type of crime poses to plan assets and personal data of plan participants and beneficiaries.

Source: Truckerhuss.com, June 2017

Plan Sponsors Growing Fiduciary Responsibilities for Cybersecurity

Abstract: This is the slide deck from a presentation on plan sponsors' growing fiduciary responsibilities for cybersecurity given at the SPARK Institute's National Conference, June 1-2, 2017.

Source: Winstead.com, June 2017

SEC Issues Ransomware Risk Alert Highlighting Cybersecurity Best Practices

Abstract: The SEC published a Risk Alert regarding the "WannaCry" ransomware worm that infected hundreds of thousands of computers in over 150 nations earlier this month. The Alert provides background and resources and additionally highlighted cybersecurity best practices.

Source: Sutherland.com, May 2017

Data Breach Risks for 401k and Retirement Plans

Abstract: There has been a recent spike in attacks on 401k and retirement plans by cyber criminals. A data breach is a disruptive event. For plan fiduciaries, there are several factors that create heightened risk.

Source: Jonesday.com, April 2017

What Retirement Plan Sponsors and Employers Need to Know About Cybersecurity Risk and Liabilities

Abstract: Many employers historically were only concerned with privacy and security for health plans under the Health Insurance Portability and Accountability Act and state laws. However, cybersecurity should also be a consideration for every retirement plan fiduciary. To preserve fiduciary protection while making required disclosures electronically, retirement plan fiduciaries should consider whether their duties of loyalty, prudence and to administer the plan for the exclusive benefit of the participants might require them to protect their participants' personal information.

Source: Winstead.com, April 2017

Cybersecurity More Than an Individual Concern

Abstract: Cybersecurity is a special concern for the financial industry, a lawyer who handles cybersecurity cases said recently. But its importance goes well beyond the integrity of clients' and plan participants' sensitive information; it pervades inter-corporate business functions as well.

Source: Asppa.org, March 2017

Addressing Retirement Plan Cybersecurity

Abstract: It's not really new that cybersecurity is a concern for employers. But it shouldn't be ignored, especially in the context of retirement plans, since plan participants' personal and financial information is maintained and shared by multiple parties.

Source: Asppa.org, March 2017

Cybersecurity Risks and Liabilities for Employers, Retirement Plan Sponsors and Fiduciaries

Abstract: Many employers historically were only concerned with privacy and security for health plans under the privacy regulations. However, there are other references to protecting participant information in ERISA and employee information that should not be overlooked. Cybersecurity should be a consideration for every employer and retirement plan fiduciary.

Source: Winstead.com, February 2017

Cybersecurity Considerations for Employee Benefit Plans

Abstract: One of the most significant challenges that face employee benefit plans is the reliance on service providers to manage daily activities of the plan. As a result, employee benefit plans typically share sensitive employee data and beneficiary and employer information with these service providers. Based upon historical cybersecurity breaches, third parties can be considered the weakest cybersecurity link.

Source: Schneiderdowns.com, February 2017

ERISA Advisory Council Makes Recommendations on Cybersecurity

Abstract: The ERISA Advisory Council on Nov. 10 issued recommendations on actions the DOL can take regarding cybersecurity and making workplace retirement accounts more secure.

Source: Asppa.org, November 2016

DC Plans Ask About Cybersecurity Insurance, but Not for Them

Abstract: Defined contribution service providers generally have cybersecurity insurance when they take on recordkeeping and other duties, but DC plan sponsors themselves are more likely to be lacking such coverage. There is no legal requirement for plan sponsors or service providers to have cyber insurance, but it's best practice.

Source: Pionline.com, October 2016

DC Plans Face Threats to Crucial Data

Abstract: Cybersecurity issues are not really unique in defined contribution. Hackers are getting smarter and are getting better at decrypting. DC plans need to get smarter overall in protecting online sites like banking and DC portals. But there are specific issues to defined contribution plans when it comes to cybersecurity.

Source: Pionline.com, October 2016

401k Service Providers and Cybersecurity: Questions to Ask

Abstract: 401k plan fiduciaries have an obligation to secure and keep private the personally identifiable information of plan participants and beneficiaries. Part of this essential task is ensuring that plan service providers take cybersecurity preparedness and plan data protection seriously.

Source: 401khelpcenter.com, October 2016

Podcast: Cybersecurity and 401k Plans: Real or Theoretical Risk?

Abstract: This podcast discusses the evolving world of cyber risk or cyber threats and how they can impact 401k and other employer benefits plans.

Source: 401kfridays.com, October 2016

ERISA Cybersecurity Threats and the Role of Human Resources

Abstract: With the increasing threat to organizations from data breaches, HR plays a critical role in helping prevent and minimize the risk from cyber theft. This 21-minute podcast addresses how to identify potential cybersecurity problems, workforce challenges in data protection, and the use of policies, training and employee education that are designed to protect private and sensitive data.

Source: Littler.com, September 2016

Cybersecurity and the Role of ERISA Fiduciaries

Abstract: Recent technological advancements, especially in the area of cybersecurity, have only now become the focus of most ERISA fiduciaries. Due to the increasing frequency and sophistication of cyber-related threats to employee benefit plans, their trustees and third-party plan administrators and the potential financial repercussions, compliance with ERISA fiduciary standards will require implementation of a prudent cyber risk management strategy. This article is dedicated to understanding cybersecurity issues in the context of ERISA benefit programs.

Source: Pillsburylaw.com, September 2016

ERISA Advisory Council Highlights Importance of Cybersecurity Oversight

Abstract: The 2016 ERISA Advisory Council is gathering to study ways to encourage benefit plan sponsors and managers to adopt strategies that minimize the exposure of plan participants' data from cyber-attack. This article touches on what the Council is considering.

Source: Gtlaw.com, August 2016

SEC Continues to Focus on Cybersecurity for Investment Advisers

Abstract: As in 2015, the Securities and Exchange Commission Examination Priorities for 2016 identify cybersecurity as an area of "potentially heightened [market-wide] risk."

Source: Ria-compliance-consultants.com, August 2016

Plan Advisers Take More Interest in Recordkeepers' Cybersecurity Practices

Abstract: In an era when costly cyberattacks and data breaches are becoming more common, 401k plan advisers are beginning to scrutinize data-security practices at recordkeeping firms. RK clients also have heightened concerns about securing the personal data of their employees.

Source: Investmentnews.com (registration may be required), July 2016

ERISA and Cybersecurity

Abstract: Data breaches are also causing benefit plan administrators and other fiduciaries under ERISA to consider whether their ERISA responsibilities include securing online plan data from cyberattacks, especially as to 401k and other benefit plans that are not subject to HIPAA. Although definitive guidance has not been provided, fiduciaries would be well-advised to proceed on the assumption that cybersecurity is an ERISA issue.

Source: Passwordprotectedlaw.com, June 2016

Fiduciary Risk in Data Privacy and Cybersecurity

Abstract: Retirement plans store extensive personal data on each participant and beneficiary. This data ranges from Social Security numbers and addresses to dates of birth, bank account and financial information, and other records and is stored physically and in electronic forms for years, if not decades. Retirement plan fiduciaries must take precautions to help ensure that they have fulfilled their fiduciary duties with respect to data privacy and cybersecurity.

Source: Morganlewis.com, April 2016

Cybersecurity's Impact on TPAs

Abstract: A recent announcement by the ERISA Advisory Council that it will be focusing on how cyber-related threats affect TPAs is addressed in a recent legal advisory from Pillsbury Law.

Source: Asppa.org, April 2016

An Overview of Cybersecurity Issues Affecting Retirement Plans

Abstract: In order to minimize a retirement plan's overall cyber risk profile, its sponsor(s) must implement a cyber risk management strategy, including focusing on evaluating its third-party service providers' cybersecurity programs, performing periodic assessments of such programs, and ensuring that the retirement plan has mitigated risks from losses in the event of a cyber attack.

Source: Pillsburylaw.com, February 2016


401khelpcenter.com, LLC is not the author of the material referenced in this digest unless specifically noted. The material referenced was created, published, maintained, or otherwise posted by institutions or organizations independent of 401khelpcenter.com, LLC. 401khelpcenter.com, LLC does not endorse, approve, certify, or control this material and does not guarantee or assume responsibility for the accuracy, completeness, efficacy, or timeliness of the material. Use of any information obtained from this material is voluntary, and reliance on it should only be undertaken after an independent review of its accuracy, completeness, efficacy, and timeliness. Reference to any specific commercial product, process, or service by trade name, trademark, service mark, manufacturer, or otherwise does not constitute or imply endorsement, recommendation, or favoring by 401khelpcenter.com, LLC.


This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.