{"id":1899,"date":"2021-05-10T15:42:10","date_gmt":"2021-05-10T15:42:10","guid":{"rendered":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/?p=1899"},"modified":"2022-08-22T19:00:58","modified_gmt":"2022-08-22T19:00:58","slug":"dol-issues-new-cybersecurity-guidance-for-plan-sponsors-fiduciaries-record-keepers-and-participants","status":"publish","type":"post","link":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/dol-issues-new-cybersecurity-guidance-for-plan-sponsors-fiduciaries-record-keepers-and-participants\/","title":{"rendered":"DOL Issues New Cybersecurity Guidance for Plan Sponsors, Fiduciaries,  Record-Keepers and Participants"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"alignright size-medium\"><img loading=\"lazy\" decoding=\"async\" width=\"200\" height=\"300\" src=\"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-content\/uploads\/sites\/4\/2021\/05\/DOLCybersecurityGuidance-200x300.jpg\" alt=\"Man holding a laptop that says You've been hacked\" class=\"wp-image-1900\" srcset=\"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-content\/uploads\/sites\/4\/2021\/05\/DOLCybersecurityGuidance-200x300.jpg 200w, https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-content\/uploads\/sites\/4\/2021\/05\/DOLCybersecurityGuidance-684x1024.jpg 684w, https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-content\/uploads\/sites\/4\/2021\/05\/DOLCybersecurityGuidance-768x1151.jpg 768w, https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-content\/uploads\/sites\/4\/2021\/05\/DOLCybersecurityGuidance.jpg 801w\" sizes=\"(max-width: 200px) 100vw, 200px\" \/><\/figure>\n<\/div>\n<p class=\"leading\">Cyber breaches have become increasingly more pervasive with new threats occurring on a daily basis. Given this and the fact that the Employee Benefits Security Administration (ESBA) estimates that, in the U.S. today, there are 34 million defined benefit plan participants and 106 million defined contribution plan participants in plans with assets totaling approximately $9.3 trillion, the Department of Labor (DOL) has issued, for the first time, cybersecurity guidance. Directed at plan sponsors, fiduciaries record-keepers and participants, the DOL\u2019s guidance covers tips for hiring a service provider, best practices and online security tips.<\/p>\n<h3 class=\"wp-block-heading\">Objectives<\/h3>\n<p>When making the <a href=\"https:\/\/www.dol.gov\/newsroom\/releases\/ebsa\/ebsa20210414\" target=\"_blank\" rel=\"noreferrer noopener\">announcement<\/a>, DOL Acting Assistant Secretary for Employee Benefits Security Administration Ali Khawar stated, \u201cThe cybersecurity guidance we issued today is an important step towards helping plan sponsors, fiduciaries and participants to safeguard retirement benefits and personal information. This much-needed guidance emphasizes the importance that plan sponsors and fiduciaries must place on combatting cybercrime and gives important tips to participants and beneficiaries on remaining vigilant against emerging cyber threats.\u201d<\/p>\n<p>The DOL\u2019s announcement noted that this latest cybersecurity guidance complements EBSA\u2019s existing regulations on electronic records and disclosures to plan participants and beneficiaries which encompass provisions on:<\/p>\n<ul>\n<li>Ensuring that electronic recordkeeping systems have reasonable controls,<\/li>\n<li>Ensuring that there are adequate records management systems, and<\/li>\n<li>Ensuring that electronic disclosure systems include measures designed to protect Personal Identifiable Information.<\/li>\n<\/ul>\n<h3 class=\"wp-block-heading\">Plan Service Provider Hiring Tips<\/h3>\n<ol>\n<li>The DOL offered the below tips to assess the quality of a service provider\u2019s cybersecurity controls.<\/li>\n<li>Compare the service provider\u2019s information security standards, practices, policies and audit results to industry standards adopted by other financial institutions.<br \/>Inquire as to how the service provider validates its practices and what security standards it has met and implemented.<\/li>\n<li>Evaluate the service provider\u2019s cyber performance by reviewing public information regarding security incidents, litigation and\/or other legal proceedings involving the company.<\/li>\n<li>Ask for the service provider\u2019s history relating to security breaches and if any, request a complete accounting of what happened and how the company responded.<br \/>Determine what, if any, insurance policies are in place to cover losses stemming from a cybersecurity and identity theft breach.<\/li>\n<li>Build in ongoing compliance with cybersecurity and information security standards into any service provider contract and be especially cautious regarding any contract provisions, which may limit the service provider\u2019s responsibility for IT security breaches. Include in your contract terms requirements for: annual third-party audits to determine compliance with information security policies and procedures, provisions on the use and sharing of confidential information without permission, notification of cybersecurity breaches, cyber breach insurance, and compliance with records retention and destruction, privacy and information security laws.<\/li>\n<\/ol>\n<p>Watch for future blogs presenting the DOL&#8217;s recommended cybersecurity best practices and online tips.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cyber breaches have become increasingly more pervasive with new threats occurring on a daily basis. Given this and the fact that the Employee Benefits Security Administration (ESBA) estimates that, in the U.S. today, there are 34 million defined benefit plan participants and 106 million defined contribution plan participants in plans with assets totaling approximately $9.3&#8230;  <a class=\"excerpt-read-more\" href=\"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/dol-issues-new-cybersecurity-guidance-for-plan-sponsors-fiduciaries-record-keepers-and-participants\/\" title=\"Read DOL Issues New Cybersecurity Guidance for Plan Sponsors, Fiduciaries,  Record-Keepers and Participants\">Read more &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-json\/wp\/v2\/posts\/1899"}],"collection":[{"href":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-json\/wp\/v2\/comments?post=1899"}],"version-history":[{"count":2,"href":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-json\/wp\/v2\/posts\/1899\/revisions"}],"predecessor-version":[{"id":2136,"href":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-json\/wp\/v2\/posts\/1899\/revisions\/2136"}],"wp:attachment":[{"href":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-json\/wp\/v2\/media?parent=1899"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-json\/wp\/v2\/categories?post=1899"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-json\/wp\/v2\/tags?post=1899"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}