Cybersecurity: A Team Sport

Jan 21, 2026
Who protects retirement plan accounts from hacks, attacks and other threats? The record keepers? The plan sponsor? The participants? The tech team? Actually, it’s everyone who cares about retirement savings—so really, everyone. However, if you sponsor a retirement plan, you are required to mitigate cyber threats, and in addition to carefully selecting and monitoring the protocols of all third parties you contract with for the plan, you must also communicate with participants about protecting their accounts.

Plan Sponsor Playbook

At TIAA, Sastry Durvasula, chief operating, information and digital officer, reminds retirement plan sponsors, advisers, recordkeepers, and participants that cybersecurity is a “community sport…a shared accountability.” According to Durvasula, it’s critical for plan sponsors and recordkeepers to “communicate that digital scams exist across an ‘evolving landscape.’ Not only are there commonplace clickbait phishing emails, but also artificial intelligence-powered deepfake scams sophisticated enough to make even the most tech-savvy of participants fall prey.” It’s also essential to take extra precautions when it comes to the elderly, because in the event of cognitive decline, they are even more susceptible to scammers. Durvasula suggests stepping up vigilance against cyber threats by bringing the trusted contacts of older adults “into the protection ecosystem.”

At Boston College’s Center for Retirement Research, Luke Delorme of Tableaux Wealth provides further pointers for Preventing Cyber Scams that Target Seniors, including these:

Verify before you trust. If someone claims to be from your bank or a tech company, or that they’re a grandchild in trouble, hang up and call back using a known number, not one provided by the caller. When receiving an email, pause before you respond or click a link.

The SLAM method is a simple checklist for spotting scam emails. It stands for Sender, Links, Attachments, and Message:

  • Check the email Sender’s address.
  • Hover over Links (to see if the URL is trustworthy).
  • Avoid suspicious Attachments.
  • Evaluate the Message for urgency or errors.

If anything feels off, don’t click, reply, or share information. Verify directly with the company or person through a trusted contact, such as a family member or friend who is tech savvy. … Be skeptical of any unexpected contact, and always verify using a trusted number or source. It is unlikely that something legitimate would come out of the blue.

Obligated To Mitigate

The Department of Labor obligates retirement plan sponsors to mitigate cybersecurity threats to plan assets and data, and recommends these related best practices. Additionally, plan sponsors must ensure that all service providers use strong security protocols. The Department of Labor also provides these online security tips for retirement plan participants. At Plan Sponsor Magazine, Sentinel Group’s senior vice president of fiduciary advisory services, Julie Doran Stewart, reminds plan sponsors to distribute the DOL’s tips to participants and encourage them to activate and monitor their accounts, underscoring that for plan sponsors, “Cybersecurity is not a one-and-done deal. … Make it a part of your periodic due diligence. Commit the time and attention.”

Attorneys at Buchanan Ingersoll & Rooney concur, underscoring the critical role plan sponsors play in mitigating cyber threats to retirement plans, and point out that failures can result in fiduciary breach allegations: “Fiduciaries hold significant control over the safety and integrity of a plan’s assets; compliance with ERISA fiduciary duties requires shielding plan assets from cyber threats. … If plan fiduciaries fail to comply with strict ERISA duties regarding a plan’s assets, they can be found personally liable for breaches of their fiduciary obligations.”

Because plan sponsors from small businesses tend to face the biggest hurdles implementing cybersecurity recommendations, Colonial Surety Company offers an efficient and affordable solution. Specifically, for a few dollars a day, plan sponsors can obtain protection for the company, the plan, and themselves with a Cyber Liability + Fiduciary Liability Insurance package. In addition to providing defense costs and penalty limits up to $1,000,000 if faced with claims of alleged or actual breaches of duty in connection with the employee retirement plan, Colonial’s Cyber Liability + Fiduciary Liability Insurance addresses numerous DOL recommendations by explicitly covering the plan and the business, including:

  • Expert-led response services following a data breach.
  • Protection from lawsuits and regulatory actions related to the breach.
  • Legal services.
  • Computer forensic services.
  • Public relations and crisis management expenses.
  • Notification services.
  • Call center services.
  • Credit and identity monitoring.

Retirement plan sponsors can obtain this comprehensive coverage online in minutes today, or even speak to one of Colonial Surety Company’s knowledgeable ERISA experts for further support. Mitigate threats to the retirement plan, and reduce your personal liabilities before another day goes by:

Cyber Liability Insurance + Fiduciary Liability Insurance

Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors — and keep their businesses compliant — with pain-free, efficient, and friendly service every time.