Keeping Retirement Accounts Secure
Earlier this year the Government Accountability Office (GAO) released findings from a report reviewing cybersecurity and the risk to retirement plans. If you are interested, you can view the report at https://www.gao.gov/products/gao-21-25.
Their reporting was not a surprise. Retirement accounts hold large dollar balances for millions of individuals across the United States, and in most cases those accounts are accessed online with an ID and password or some other type of security code or credential. This makes accessing the accounts and completing transactions more convenient, but it also creates the risk that a hacker may be able to penetrate the system and gain access to the funds in those accounts.
The GAO passed its findings along to the Department of Labor (DOL) and recommended that the DOL clarify that cybersecurity is a fiduciary responsibility of the plan sponsor and issue additional guidance for plan sponsors and service providers in this area. The DOL then put together a three-part guidance package in response.
Access to the documents is provided below:
- Best Practices Summary https://www.dol.gov/sites/dolgov/files/ebsa/key-topics/retirement-benefits/cybersecurity/best-practices.pdf
- Tips for Hiring a Service Provider with Strong Cybersecurity Practices https://www.dol.gov/sites/dolgov/files/ebsa/key-topics/retirement-benefits/cybersecurity/tips-for-hiring-a-service-provider-with-strong-security-practices.pdf
- Online Security Tips for Participants and Plan Sponsors https://www.dol.gov/sites/dolgov/files/ebsa/key-topics/retirement-benefits/cybersecurity/online-security-tips.pdf
This is all nice information, but you may be asking, what does this mean for me? The DOL also announced that it will be including cybersecurity in its enforcement efforts. It will be reaching out to evaluate the actions the Plan has taken in these areas to reduce the risk to participants from a potential hack of their accounts. In the event of an incident, the DOL will review which controls the Plan Sponsor or its service providers did not have in place that allowed the breach to occur. Fines and/or penalties could be imposed for a lack of attention in this area.
We recommend all Plan Sponsors pay particular attention to this new guidance, as cyber attacks are increasing in frequency and could present a real threat to your Plan and the related participant accounts.
Do you need an audit for your 401(k) Plan? Consider a specialized firm like Summit CPA Group. We can provide a quality benefit plan audit that is efficient and accurate. We also offer flat-fee pricing, so there are no surprises on your bill when the job is complete. If you would like to discuss our audit process in more detail, contact our office at (866) 497-9761.