ERISA

Cybersecurity: HR Responsibilities

07.12.2024


Everyone at work is at least vaguely aware that cybersecurity is a duty shared by all. That awareness, however, does not make regular and consistent cyber hygiene a given during busy days. Increasingly, human resource professionals play a critical role in “training, upskilling and reskilling” for improved cybersecurity.


Training, Upskilling and Reskilling

In today’s world, the human resources function is key to ensuring all employees, no matter their role or status, have the information and resources needed to make cybersecurity an integral part of daily duties. Specific examples of the HR role in cybersecurity include:


  • HR should make a conscious effort to develop robust, bespoke cybersecurity awareness and training programs for their staff. These comprehensive programs should be tailored to specific knowledge gaps while factoring in the needs of, and risks to, the organization.
  • Ensure that all training and upskilling programs are relevant and accessible to all employees, regardless of their role, tenure, or seniority.
  • Conduct regular refresher training and reskilling sessions….
  • Communicate regularly… about emerging threats and vulnerabilities….
  • Consider realistic, interactive, scenario-based training exercises to test their real-world response strategies….
  • HR should collaborate closely with security and IT teams as well as top-level management to develop and deliver relevant policies that reflect the correct and appropriate behaviors, protocols and strategies for teams….
  • Confirm that all policies align with the organization’s overarching strategy, culture, and values while reflecting new industry recommendations and compliance requirements….
  • Improve and enhance policies in line with relevant regulatory frameworks….


Naturally, HR has a lead role in hiring employees who bring the right skills and mindsets to the business. Related to cybersecurity, experts advise these best practices:


  • When recruiting new talent, run relevant cybersecurity skills assessments alongside interviews to test candidates’ knowledge. This is crucial when hiring for roles that involve handling sensitive personal data or critical systems.
  • Extend opportunities for existing staff to develop and upskill their cybersecurity knowledge through accredited training programs, certifications, job shadowing, rotations, and so on.
  • Transition employees to new roles or departments only with approval and after ensuring they receive appropriate training relevant to their new responsibilities.
  • Partner with reputable niche recruiters to attract cybersecurity talent, whether searching for full-time roles or temporary contractor placements to supplement your team.


Company Sponsored Retirement Plan?

Sponsoring a retirement plan for employees does a world of good, and it requires putting extra cybersecurity protocols in place. Specifically, the Department of Labor’s recommendations on how plan sponsors must mitigate cybersecurity risks are detailed in the cybersecurity guidance released in 2021. Attorneys confirm that they are now observing active enforcement of the guidance. When evaluating their practices for compliance, plan sponsors will find it helpful to note that DOL inquiries have taken special interest in:


  • documents governing the IT systems, a breach response plan, a disaster recovery plan, and copies of system development lifecycle (SDLC) controls, if applicable;
  • schedules of systems critical to the maintenance and protection of participant data and assets (including information on data used by the plan, where data resides, systems outsourced to service providers, and file sharing systems);
  • external and internal cybersecurity audit reports, including audits of IT systems (SOC 1 or SOC 2), as well as internal and external (with auditors) communications;
  • existence of cybersecurity insurance coverage;
  • documents mentioning or discussing cybersecurity, including emails and minutes of plan committee or board of trustees/directors meetings where the plan’s cybersecurity readiness was discussed; and
  • documents regarding cybersecurity events about unauthorized access or suspicious activity.


Just this spring, EBSA’s Assistant Secretary, Lisa Gomez, specifically advised plan sponsors to speak with their insurance providers about what their cybersecurity coverage encompasses, and “make sure you are protected there.” Gomez pointed out, for example, “Many employers assume that since the company has cyber liability insurance, they’d be covered in a breach. The fine print in the policy notes that it applies only to the company and not the company in its capacity as a plan sponsor—something not obvious to most.”


Colonial Surety Company offers plan sponsors an efficient, affordable and clear solution. Specifically, for a few dollars a day, plan sponsors can obtain protection for the company, the plan, and themselves with a Cyber Liability+Fiduciary Liability Insurance package. In addition to providing defense costs and penalty limits up to $1,000,000 if faced with claims of alleged or actual breaches of duty in connection with the employee retirement plan, Colonial’s Cyber Liability+Fiduciary Liability Insurance addresses numerous DOL recommendations by including:


  • Expert-led response services following a data breach.
  • Protection from lawsuits and regulatory actions related to the breach.
  • Legal services.
  • Computer forensic services.
  • Public relations and crisis management expenses.
  • Notification services.
  • Call center services.
  • Credit and identity monitoring.


Plan sponsors can obtain this comprehensive coverage online in minutes today, or even speak to one of our knowledgeable ERISA experts for further support. Get compliant and protected now:


Cyber and Fiduciary Liability Insurance


Colonial Surety Company is rated “A Excellent” by A.M. Best Company, is U.S. Treasury listed, and does business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors, and keep their businesses compliant, with pain-free, efficient, and friendly service every time.