As a forward-thinking consulting firm, PlanPILOT is vigilant about reducing a multitude of risks for our plan sponsor clients, especially cybersecurity risk. Retirement plans specifically are an extensive source of valuable information for cyber criminals. Data that is transferred to the recordkeeper, for instance, includes Social Security numbers, dates of birth, salaries, home addresses, and bank account information.
ERISA’s fiduciary standard of care states, “Fiduciaries must carry out their duties with the care, skill, prudence, and diligence under the circumstances then prevailing that a prudent man acting in a like capacity and familiar with such matters …” PlanPILOT asserts that, given the growing number of security breaches of plan participant data, plan sponsors are responsible for addressing and mitigating this risk for the benefit of themselves and their plan participants.
Our services in cybersecurity exemplify this, as we assist plan sponsors with addressing this area of growing risk. Our services include:
- Identify sources of data privacy risks and create an action plan
- Develop a questionnaire that is utilized to determine how a plan sponsor’s service providers are addressing cybersecurity risks for your plan data
- Review service providers’ contracts and ensure appropriate language is included to reduce risks to our clients
- Provide training to plan sponsor staff on risk reduction strategies
Having a defined risk mitigation process and implementing it with care and diligence is key to meeting your fiduciary responsibilities and protecting your plan participants. Please contact us to discuss how we can assist you in your cybersecurity risk management efforts.