The Department of Labor’s Employee Benefits Security Administration today issued long-anticipated guidance on cybersecurity and best practices for protecting retirement benefits. EBSA released three guidance documents, “Tips for Hiring a Service Provider,” “Cybersecurity Program Best Practices” and “Online Security Tips.” The first two releases are aimed at plan sponsors, fiduciaries, and record keepers, and the last release is intended for retirement investors.
The documents include information on selecting a service provider with strong cybersecurity practices, information for record-keepers to manage cybersecurity risks, and basic rules to reduce the risk of fraud online. The DOL issuances provide agency direction and clarity for banks acting as retirement plan sponsors, plan fiduciaries and service providers seeking to align their cybersecurity policies with DOL and Employee Retirement Income Security Act requirements.