Your company’s retirement plan poses serious cybersecurity risks.
So says the Government Accountability Office (GAO). It just released a new report on defined contribution plans.
First, think of all the sensitive info needed for a 401(k). Then that data travels between the employee, your company and the plan itself. And often a third party gets involved. Which makes retirement plans a massive vulnerability.
Now the Feds want your company, as a plan sponsor, to take steps to better protect that info.
So many chances to expose data
As a result, the GAO has asked the Department of Labor (DOL) to do two things:
- Clarify that cybersecurity is a fiduciary responsibility of private employers under ERISA, and
- Develop and issue guidance identifying minimum expectations to mitigate retirement plan cybersecurity risks.
Resourceful Finance Pro will keep you posted on the DOL’s response.
Keeping cybersecurity risks top-of-mind
But no matter what the DOL decides to do — or when it decides to do it — your company will want to keep cybersecurity a priority.
And, little surprise, the IRS has some thoughts on the matter.
IR-2018-150: Tax Security 101 – Security Summit outlines “Security Six” must-have protections for solid cybersecurity:
- anti-virus software
- two-factor authentication
- backup software/services
- drive encryption, and
- a data security plan.