ERISA, Multi-Factor Authentication, and Zero-Trust?

10.22.2024


While continuous training and multi-factor authentication helps, some experts predict that “zero-trust” is what it will ultimately take to protect money and information in the face of ever trickier cyber attacks created by generative artificial intelligence.


Cybersecurity Becomes More Time-Consuming

The evolving concept of zero-trust involves assuming every communication is already part of a breach, even though that sounds like an excruciating approach to the workday:

Treating all communications as if they are happening in a breach situation, always verifying authenticity by way of additional factors, and granting the least privileged access required. Originally coined by cyber analyst John Kindervag to describe a secure network architecture, the zero-trust concept has since expanded in scope and can be applied in principle to any process that needs to be secured against imposter fraud…. Implementing zero-trust means adding inconveniences and potentially awkward double checks and significantly limiting institutional access. Barriers are put in place to ensure identities are fully trusted and verified. Passwords must be memorized and recycled more regularly. Employees will get additional passwords and authenticating devices and will face more elaborate hoops to get working again should they forget any of them. If implicit trust is the most expedient process available, zero-trust is the opposite.
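To make the three principles in the passage above concrete, here is an added example that is not from the quoted article or from Colonial Surety. It is a per-request gate that gives no weight to where a request comes from, demands a recently verified additional factor, and allows only the actions a role is explicitly granted; the 15-minute factor lifetime, the roles and the actions are all assumptions constructed for the illustration.

```python
"""Zero-trust request gate (illustration; values are constructed)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple, List

# Assumption: an additional factor must have been verified within 15 minutes.
MFA_MAX_AGE = timedelta(minutes=15)

# Least privilege: each role lists the ONLY actions it may perform (constructed).
ROLE_SCOPES = {
    "payroll_clerk": {"view_balance"},
    "plan_admin": {"view_balance", "change_beneficiary"},
}


@dataclass
class Request:
    user: str
    role: str
    action: str
    session_valid: bool                  # identity already authenticated?
    mfa_verified_at: Optional[datetime]  # when the extra factor was last checked
    from_corporate_lan: bool = False     # recorded, but deliberately never consulted


def evaluate(req: Request, now: datetime) -> Tuple[bool, str]:
    """Return (allowed, reason). Every check must pass; nothing is implicit.

    Network location buys nothing: a request from the office LAN is judged
    exactly like one from the public internet (assume the network is breached).
    """
    if not req.session_valid:
        return False, "no authenticated identity"
    if req.mfa_verified_at is None:
        return False, "additional factor never presented"
    if now - req.mfa_verified_at > MFA_MAX_AGE:
        return False, "additional factor too old; re-verify"
    if req.action not in ROLE_SCOPES.get(req.role, set()):
        return False, f"role {req.role!r} is not granted {req.action!r}"
    return True, "identity, factor and scope all verified"


def run_demo() -> List[bool]:
    """Evaluate four constructed requests; returns the allow/deny decisions."""
    now = datetime(2024, 10, 22, 12, 0, tzinfo=timezone.utc)
    fresh, stale = now - timedelta(minutes=5), now - timedelta(hours=2)
    cases = [
        Request("alice", "plan_admin", "change_beneficiary", True, fresh),
        Request("alice", "plan_admin", "change_beneficiary", True, stale),
        Request("bob", "payroll_clerk", "change_beneficiary", True, fresh, True),
        Request("carol", "payroll_clerk", "view_balance", True, None, True),
    ]
    return [evaluate(c, now)[0] for c in cases]
```

Only the first request passes: the others fail on a stale factor, on an action outside the role's scope, and on a missing factor, and being on the corporate LAN rescues none of them.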

At its best, a zero-trust approach would require so many checks and controls that it would “prevent most if not all” of the “man-in-the-middle attacks” created by hackers, although multifactor authentication (MFA) and continuous training will continue to be essential for businesses:

Senior leadership will need to consistently emphasize the need to learn and follow all security processes, even when they are inconvenient or awkward. Learning and following shifting security processes and passwords is already a time-consuming challenge, but a consistent and regular training program remains the most effective way to ensure that people are prepared for the evolving dangers. “White hat” phishing exercises test employee awareness with imitation phishing emails to see how well employees respond to common efforts to trick them. Sharing performance metrics—and more pointed follow-up—can make the need for continuing vigilance less abstract.

Millions Per Incident…

Though the emergence of zero-trust may seem like an excessive approach to safeguarding businesses, consider the alternatives, as artificial intelligence makes cyber crime more prevalent and trickier: “Language and programming skills are no longer required. With average losses from security events in the United States already exceeding $4 million per incident, it is fair to say that the number and reach of these attacks is only going to expand as it becomes easier for the criminals to fool people using these tools.”

Not surprisingly, given the imperative of protecting retirement plans from cyber threats, the Department of Labor has been very active on the issue of cybersecurity, and recently issued updated guidance, with Assistant Secretary for Employee Benefits Security, Lisa M. Gomez, underscoring: “All ERISA-covered plans need to implement appropriate best practices to help protect participants and their beneficiaries from cybercrime and emerging threats. These updates remind plan sponsors and fiduciaries of the critical importance of safeguarding job-based benefits and personal information.”

Lawsuits related to cybersecurity failures pose an extra threat for retirement plan sponsors, so it’s best to protect personal and business assets in the event of fiduciary breach allegations. Retirement plan sponsors can secure affordable Fiduciary Liability Insurance from Colonial Surety Company, where a one-year policy, inclusive of 50k Cyber Liability Insurance, costs less than an hour of ERISA defense attorney fees.


Colonial Surety’s efficient Fiduciary Liability & Cyber Liability Insurance packages are specifically designed to help plan sponsors with:

• DOL Compliance: The Department of Labor stresses the importance of Cyber Liability Insurance. Our coverage not only safeguards the plan but also protects your business.

• Comprehensive Protection: All our packages include Fiduciary Liability Insurance, ensuring your business and personal assets are shielded from the repercussions of fiduciary breaches.

• Cost-Control: Our packages are available for 1, 2, and 3-year terms, providing flexibility and locked-in rates.

Don’t shoulder all the risks alone: Fiduciary and Cyber Liability Insurance HERE

Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors — and keep their businesses compliant — with pain-free, efficient, and friendly service every time.