On April 14, 2021, the Department of Labor (DOL) announced new guidance on best practices for maintaining cybersecurity. This is the first time the department’s Employee Benefits Security Administration (EBSA) has issued such advice.
The guidance comes in three forms:
- Tips for Hiring a Service Provider: Helps plan fiduciaries prudently select a service provider with strong cybersecurity practices and monitor their activities, as ERISA requires.
- Cybersecurity Program Best Practices: Assists trustees and administrators in their responsibilities to manage cybersecurity risks.
- Online Security Tips: Offers plan participants basic rules to reduce the risk of fraud and loss.
Previously issued EBSA regulations include provisions on making sure that electronic recordkeeping systems have reasonable controls, that records management practices in place are adequate, and that electronic disclosure systems include measures calculated to protect personally identifiable information.
Reducing the risk from threats to cybersecurity is essential to protecting plan assets and data. Please contact your Legacy representative with questions or concerns.