Segal Group Recommends Steps for DC Plan Cybersecurity
Among other things, it is recommended that plan sponsors minimize requests for and use of personally identifiable information and review recordkeepers' security procedures.
Because the personally identifiable information (PII) that defined contribution (DC) plans safeguard is a tempting target for cybercriminals, it is imperative for these plans to protect themselves from breaches of their data, The Segal Group says.
Failures could occur when sponsors exchange PII with recordkeepers or other service providers. Therefore, the firm recommends nine steps plans can take to hedge against cybersecurity risk:
- Create an information security policy and an incident-response plan
- Minimize requests for and use of PII
- Train staff regularly
- Assess the information technology (IT) environment
- Mandate use of encryption for data-at-rest and data-in-motion
- Assess recordkeepers’ technology
- Review recordkeepers’ security procedures
- Set up and regularly review system activity logs
- Maintain adequate levels of cyber liability protection
“Implementing an effective framework for managing DC plan data security risks will strengthen the plan’s control environment and may further improve stakeholder confidence,” says Julian Regan, senior vice president of Segal Marco Advisors, the investment solutions provider of The Segal Group.