Hello, Guest!

Cybersecurity

Labor Department Releases Three-Part Guidance to Protect Workers’ Retirement Benefits

Department of Labor

Labor Department Releases Three-Part Guidance to Protect Workers’ Retirement Benefits

The Employee Benefits Security Administration within the Department of Labor has released new cybersecurity guidance to protect American workers’ retirement benefits and personal information.

The guidance seeks to keep defined benefit plan participants in private pension plans and defined contribution plan participants safe from both internal and external cybersecurity threats, the DOL said

It comes in three forms, two of which are directed at plan sponsors and fiduciaries regulated by the Employee Retirement Income Security Act, as well as record-keepers.

The first piece of guidance offers tips to plan sponsors and fiduciaries for hiring a service provider with strong cybersecurity practices.

EBSA suggests partnering with service providers that adopt a recognized standard for information security and employ third-party auditors to review and validate their cybersecurity practices. It is also recommended that plan sponsors and fiduciaries evaluate service providers’ track record in the industry and ask whether they have experienced past security breaches.

The second piece of guidance lists 12 cybersecurity program best practices to help plan fiduciaries and record-keepers manage cybersecurity risks. 

Some of the best practices in the guidance emphasize maintaining a well-documented cybersecurity program, conducting prudent annual risk assessments, establishing clearly defined and assigned information security roles and responsibilities, having strong access control procedures and embracing responsiveness to cybersecurity incidents or breaches.

The last piece of guidance is meant for plan participants and beneficiaries. It provides online security tips to reduce the risk of fraud and loss to one’s retirement accounts, including using strong and unique passwords, adopting multi-factor authentication and being cautious of phishing attacks.

Potomac Officers Club Logo
Become a Potomac Officer Club Insider
Sign up for our weekly email & get exclusive event, and speaker updates, and find networking opportunities to connect with GovCon decision makers.

Category: Cybersecurity