In this age of relying heavily on technology, it is vital to take the necessary cyber security precautions. You want to make sure that all sensitive information is highly protected. This document showcases some tips and tricks for plan sponsors.
Topics include: Security Standards, Establishing a Formal Cybersecurity Program, Using Multi-Factor Authentication, Cybersecurity Insurance, and much more.
Per the DOL, plan sponsors should ask the service provider about the following:
- Security Standards
- Security Practices
- Security Policies
- Audit Results
- Security Validation Process
- Security Levels Implemented
- Past Security Breaches
- Cybersecurity Insurance
- Cybersecurity Guarantee
Per the DOL, plan sponsors should consider the following actions:
- Establish a formal Cyber Security Program
- Conduct annual risk assessments
- Hire third party to audit security controls
- Define and assign information security roles and responsibilities
- Establish strong access control procedures
- If data stored in cloud or with third party conduct security reviews
- Conduct cyber security awareness training
- Implement secure system development life cycle
- Create effective business resiliency program
- Encrypt sensitive data
- Respond to cyber security events
Per the DOL, plan participants should consider the following actions:
- Register your account
- Regularly monitor your account
- Use strong and unique passwords
- Use multi-factor authentication
- Keep personal contact information current
- Close or delete unused accounts
- Do not use free Wi-Fi
- Beware of Phishing attacks
- Do not store login information in your email account
- Use up to date anti-virus software
- Report identify theft to your employer and the record-keeper
For any further questions, please do not hesitate to contact your Wellspring Financial Partners at (520) 327-1019 or info@wellspringfp.com.
This material was created to provide accurate and reliable information on the subjects covered but should not be regarded as a complete analysis of these subjects. It is not intended to provide specific legal, tax or other professional advice. The services of an appropriate professional should be sought regarding your individual situation. [A proud member of RPAG]
