On September 6, 2024, the Department of Labor (DOL) updated its cybersecurity guidance for employers, plan sponsors, fiduciaries, and recordkeepers. The updated guidance includes the following tips:
- Beyond comparing security standards, practices, policies, and audit results to industry standards, seek service providers who employ an independent third-party auditor to review and validate their cybersecurity measures.
- Require annual audits, the right to review audit results, and ongoing compliance with cybersecurity and information security standards in your service provider contracts.
- Evaluate the service provider’s track record, including public information, litigation history, and legal proceedings.
- Inquire about any past security breaches and how the service provider responded.
- Determine if the service provider has insurance policies that cover losses caused by cybersecurity breaches and identity theft.
With 29 years of expertise, the ERISA Advisory Group excels in managing ERISA fiduciary issues for plan sponsors and fiduciaries. We invite you to reach out and let us share our knowledge and experiences with you.