
Department of Labor Provides Cybersecurity Guidance


This is an excerpt from an article published by the Center for Retirement Initiatives at Georgetown University’s McCourt School of Public Policy.

Plan sponsors and fiduciaries have traditionally relied on advisers—from attorneys to accountants to investment consultants—to help guide decisions for their retirement plans. For decades, a cornerstone of this assistance has been making recommendations about retirement plan investment portfolios. With the rise of cyberattacks on financial institutions, a number of plan sponsors and their advisers have started to focus more time and resources on the security of their plan data, including the participant information held by service providers. The Department of Labor (DOL) also recognized the vulnerability of plans to cyberthreats and recently published three important documents:

  • Online Security Tips: A helpful guide for plan sponsors and participants on how to maintain strong cybersecurity hygiene.
  • Tips for Hiring a Service Provider: A buyers’ guide to assist plan sponsors.
  • Cybersecurity Program Best Practices: 12 areas that plan sponsors should cover when addressing their cybersecurity programs.

These are helpful documents and important tools for plan sponsors to use when fulfilling their fiduciary duties. However, as plan advisers and attorneys have begun incorporating this guidance into the advice they provide their clients, they must be careful. While it is understandable that plan sponsors, prompted by advisers and attorneys, would want their service providers to provide more and better information, the absence of a basic understanding of cybersecurity could result in requests that inadvertently create greater risks. Service providers recognize the right of plan sponsors to confirm that their participants’ data are protected, but have legitimate concerns that some of the information requested, if it becomes more widely available, could help cybercriminals breach systems, thus undermining that very security.

To read Ben’s complete article, please click here.
