Retirement Plan Security | Cybercrime | 401k Auditor Ohio | Rea CPA

How Safe Is Your Plan Participants’ Data?

Plan Data Protection - 401k Auditor Ohio
It is not unreasonable to consider the protection of personally identifiable information, whether in paper or electronic format, as part of your fiduciary duty. Failing to meet this responsibility could result in you being held personally liable for a breach of fiduciary responsibility if a cybercriminal were to infiltrate your network and gain access to confidential data in your possession. Read on for some tips to help you protect yourself from a data breach.

Cybercrime has become commonplace in society and you must be more vigilant than ever when it comes to protecting yourself online. And unfortunately, businesses aren’t immune. In fact, business owners have an even greater responsibility to protect their company’s data from cybercriminals looking to infiltrate their systems. And the responsibilities don’t stop there. Plan administrators and other retirement plan fiduciaries in particular are held to an even higher standard, which means that if you haven’t already, now is the time to understand your obligation to protect the participant and beneficiary data to which you and your plan service providers have access.

Your Responsibility to Keep PII On Lockdown

From Social Security numbers and dates of birth, to addresses and bank account information – also known as personally identifiable information or PII – you are responsible for managing an incredible amount of confidential participant and beneficiary information. And, while cybersecurity may not have been the focus at the time of implementation, under the Employee Retirement Income Security Act of 1974 (ERISA), it’s your job to act in the best interest of participants and adhere to a standard of care in which you’re considered to be a “prudent expert.” Therefore, it’s not unreasonable to consider the protection of PII, whether in paper or electronic format, as part of your fiduciary duty. Failing to meet this responsibility could result in you being held personally liable for a breach of fiduciary responsibility if a cybercriminal were to infiltrate your network and gain access to confidential data. Therefore, you are required to do everything in your power to maintain top-notch data security practices.

Trust No One

The unfortunate truth is that even though your cybersecurity efforts may be second to none, if a third-party vendor has access to your company’s network or data is being shared with a third party, such as a plan service provider, your safety ultimately hinges on the effectiveness of their controls. In a recent cybersecurity seminar, this was explained as owning a house (your business) with an attached garage (PII) that’s situated right next to a busy highway with traffic constantly moving at a very fast pace (cyberspace). Each time you open your garage door (or access cyberspace), even just a little, you run the risk of allowing anything from that busy highway to access your garage – and, once they have gained access to your garage, there are few controls in place to prevent them from entering your house.

As a fiduciary to your company’s retirement plan, it’s your job to know what your service providers are doing to offer protection from cybercrime. An effective way to adhere to this responsibility, according to the Pillsbury Law firm, is to maintain a cyber risk management strategy that allows you to:

  • Thoroughly examine third-party administrators and vendors.
  • Implement and periodically review contextual protections and insurance requirements in arrangements with TPAs.
  • Periodically monitor the TPAs’ cybersecurity compliance and related risks.
  • Consider and, if appropriate, utilize the SAFETY Act and purchase cyber and privacy insurance.

A great way to learn about your service providers’ systems of security while identifying potential risks is to ask the following questions:

  • Do you have a cybersecurity program in place?
  • If so, who is responsible for overseeing, implementing and enforcing the program?
  • How would you inform customers of a cybersecurity threat if one were to occur?
  • Do you regularly review and rate your risk level for potential cyberattacks?
  • What controls have you established to protect sensitive data?
  • What is your ability to respond to potential threats to this data?

What are you doing to ensure that the data you collect from plan participants and beneficiaries is secure? Is it enough? Email Rea to learn more.

By Darlene Finzer, CPA, QKA, CSA (New Philadelphia office)

Check out these articles to learn more about the importance of guarding against a data breach:

Can A Cybercriminal Crack Your Company’s Network