As of December 31, 2021, total US retirement assets stood at $39.4 trillion and accounted for 33% of all household financial assets in the United States.
That makes for a big target in the world of cybercrime, especially since, in 2020, the US Department of Labor (DOL) finalized rules encouraging electronic delivery of plan disclosures and other plan information.
To help plan sponsors mitigate cybersecurity risk, the DOL in 2021 issued its first guidance on cybersecurity best practices, directed at plan sponsors, fiduciaries, service providers and participants.
Here are 7 security best practices for retirement plan providers.
The DOL guidance was developed to help protect plan assets and participant data against cyber theft. Familiarizing yourself with it is the first step: it lists the threats and controls the DOL expects a plan's security program to cover, and it gives you a baseline against which to measure your own.
Retirement plan providers must strengthen their security program and reduce their organization's risk: deploying a security monitoring platform, actively monitoring online activity, keeping anti-malware, anti-virus and anti-spyware software up to date, and running regular vulnerability assessments. An increasing number of providers now use machine-learning tools to flag unusual patterns in their network activity, such as a burst of failed logins from one address, as early indicators of an attack.
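As an added example (not code from this article or from Congruent Solutions) of the kind of pattern detection the paragraph above refers to, the script below scans constructed authentication log lines for two abnormal patterns: a burst of failed logins from one source address, and failures spread across many different accounts from one address (password spraying). The log format, the field order, the sample lines and the thresholds are all assumptions made for illustration, not values taken from the DOL guidance.

```python
"""Added example (not code from the original article): flag unusual login
patterns in constructed authentication log lines.

Assumptions: each log line is "<ISO timestamp> <source IP> <username> <ok|fail>";
the thresholds below are illustrative, not values from the DOL guidance.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not real data). The last eight lines show one
# source address trying many different usernames within a few seconds,
# the signature of a password-spraying attack.
SAMPLE_LOG = """\
2021-12-01T08:01:10Z 203.0.113.5 alice ok
2021-12-01T08:02:40Z 203.0.113.5 alice ok
2021-12-01T08:03:01Z 198.51.100.7 bob ok
2021-12-01T08:04:15Z 198.51.100.7 bob fail
2021-12-01T08:04:20Z 198.51.100.7 bob ok
2021-12-01T08:05:00Z 192.0.2.9 carol ok
2021-12-01T08:10:00Z 192.0.2.44 alice fail
2021-12-01T08:10:02Z 192.0.2.44 bob fail
2021-12-01T08:10:04Z 192.0.2.44 carol fail
2021-12-01T08:10:06Z 192.0.2.44 dave fail
2021-12-01T08:10:08Z 192.0.2.44 erin fail
2021-12-01T08:10:10Z 192.0.2.44 frank fail
2021-12-01T08:10:12Z 192.0.2.44 grace fail
2021-12-01T08:10:14Z 192.0.2.44 heidi fail
"""


def parse_log(text):
    """Parse log lines into dicts, converting the timestamp for windowing."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "ip": ip,
            "user": user,
            "result": result,
        })
    return events


def max_failures_in_window(times, window_s):
    """Largest number of failures from one source within any window_s seconds."""
    times = sorted(times)
    best, start = 0, 0
    for end in range(len(times)):
        # Slide the window start forward until it fits within window_s.
        while (times[end] - times[start]).total_seconds() > window_s:
            start += 1
        best = max(best, end - start + 1)
    return best


def flag_anomalies(events, max_fails=5, max_users=5, window_s=60):
    """Return {ip: [reasons]} for sources whose failed logins look abnormal.

    Two illustrative rules (thresholds are assumptions):
      * brute force: at least max_fails failures within window_s seconds
      * password spraying: failures against at least max_users distinct accounts
    """
    fails_by_ip = defaultdict(list)
    users_by_ip = defaultdict(set)
    for e in events:
        if e["result"] == "fail":
            fails_by_ip[e["ip"]].append(e["ts"])
            users_by_ip[e["ip"]].add(e["user"])

    flagged = {}
    for ip, times in fails_by_ip.items():
        reasons = []
        burst = max_failures_in_window(times, window_s)
        if burst >= max_fails:
            reasons.append(f"{burst} failed logins within {window_s}s")
        if len(users_by_ip[ip]) >= max_users:
            reasons.append(f"failures against {len(users_by_ip[ip])} distinct accounts")
        if reasons:
            flagged[ip] = reasons
    return flagged


if __name__ == "__main__":
    for ip, reasons in flag_anomalies(parse_log(SAMPLE_LOG)).items():
        print(ip, "->", "; ".join(reasons))
```

Run against the sample, only 192.0.2.44 is flagged; the single failure from 198.51.100.7 (a user mistyping a password) stays below both thresholds. In a real deployment the thresholds would be tuned against the provider's own baseline, and the flagged addresses fed to the incident response process described later on this page.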
If you are a plan provider who engages third-party service providers, a gap in their security is a gap in your security. Ask each provider what precautions they take, review their audit results and breach history, and look for red flags before entrusting them with plan data.
Retirement plan providers must back up their data and systems to protect against loss from security breaches, human error, malware (including ransomware) and even power failure. Backups should be kept separate from production systems and restored periodically to confirm they work; a backup that an attacker can also encrypt, or that has never been tested, offers little protection.
Plan providers must support pensioners by establishing an incident response plan and a trustee security policy that covers the cyber risks of the pension scheme. They should also help clients understand the residual risks that remain after controls are in place and how to mitigate them.
Plan providers should gather and maintain all related documents in one controlled location so that this sensitive information can be monitored and secured consistently. They should also guide pensioners on how to check whether they have been the victim of identity theft, on essential details such as which bank accounts pension scheme money can be transferred to, and on how to protect their electronic signature.
Pension providers must train their staff to identify, escalate, report and mitigate attacks such as phishing emails, malicious links, and clickjacking (where a user is tricked into clicking a hidden or disguised element on a web page rather than what they appear to see).
Retirement plan providers must take appropriate precautions to mitigate the risks of cyberthreats. Congruent Solutions offers a suite of secure and technology-driven retirement services for plan providers. Give us a call today.