New DOL Guidance on Blocking Retirement Plan Cyberattacks

Kirsch CPA Group

Jul 21, 2021

The U.S. Department of Labor (DOL) is becoming alarmed by the growing prevalence and sophistication of cybercrime. In response to this mounting threat, the agency recently released a cybersecurity program best practices guide for employers and companies that provide services to their retirement plans.

Benefits of Prompt Compliance

Attorneys specializing in retirement plan matters advise plan sponsors to heed the new DOL guidelines. Failure to do so could make your company vulnerable if litigation erupts following any kind of cyberbreach of its retirement plans — even if most of the plan’s administration is handled by service providers. ERISA plan fiduciaries generally must take reasonable steps to protect plan assets from cyberattacks.

Even without a legal dark cloud hovering above, employers don’t want to see their employees’ retirement savings wiped out in a breach. Moreover, management could transfer the knowledge gained from implementing the DOL’s recommended cybersecurity protocols to other potential areas of vulnerability, including the company’s financial systems.

Creating Your Cybersecurity Plan

Compliance with the DOL guidance begins with a comprehensive security plan. “A sound cybersecurity program,” the guidance states, “identifies and assesses internal and external risks that may threaten the confidentiality, integrity, or availability of stored nonpublic information.”

The plan needs to feature policies, procedures, guidelines and standards in the following areas:

  • Approval by top management,
  • An annual review of the program,
  • Education for relevant parties about the program,
  • Documentation of the framework(s) used to assess the security of your systems, and
  • Periodic audits by an outside expert to ensure that your plan is being followed.

The DOL expects your external security audit to include, among other things, audit reports, files, penetration test reports and supporting documents. Auditors also should document corrections of any cybersecurity weaknesses identified during the audit.

In addition to periodic external audits, the DOL recommends a fresh annual cybersecurity risk assessment. That’s because cybercriminals are constantly developing new tactics to break through your defenses.

“Employees are often an organization’s weakest link for cybersecurity,” according to the guidance. So, employers need a comprehensive cybersecurity awareness program that sets expectations for employees and teaches them to “recognize attack vectors, help prevent cyber-related incidents, and respond to a potential threat.”

Controlling Data Access

To manage the threat of employees inadvertently opening the door to cybercriminals, the DOL guidance calls for strong access control procedures. Examples include:

  • Customizing who’s granted access to systems according to the role of individuals involved, such as general users, plan administrators, third party administrators and IT personnel,
  • Using multifactor identification whenever possible, especially to access the internal networks from an external network,
  • Reviewing access privileges at least every three months and, when necessary, disabling access according to your access policies,
  • Monitoring the activity of authorized users and detecting unauthorized access or inappropriate actions,
  • Creating a process to ensure that any sensitive information about a participant or beneficiary in the service provider’s records matches the information that the plan maintains about the participant, and
  • Confirming the identity of the authorized recipient of any funds that are dispersed from the plan.

The DOL guidance addresses particular areas of risk associated with data stored on the cloud. The guidance points out: “In the cloud, data is stored with a third-party provider.” So, transparency and control over the data may be limited. Consider the following steps to help maintain scrutiny over cloud storage practices by third-party providers:

  • Require a risk assessment of the provider,
  • Establish minimum cybersecurity practices for the provider, and
  • Ensure that guidelines and contract provisions are as robust as those you hold your retirement plan services providers to.

Post-Incident Protocols

The DOL guidance also recommends putting together a business “resiliency” plan. It’s important to have an incident response plan in place to help IT staff detect, respond to and recover from security incidents.

Post-incident best practices also include recommended actions, such as notifying law enforcement and your insurance carrier, and providing information about the breach to affected participants “to prevent or reduce injury.”

Fortify Your Defenses

Adhering to the DOL guidance can dramatically decrease the risk of a cyberattack on your company’s retirement plan. Plus, if your retirement plan does get hacked and you can prove compliance with the DOL guidance, you’ll probably have a much easier time dealing with your plan’s service providers and insurance carrier to ensure that any harm to participants is rectified — but not at your expense.

For more information, contact your legal and financial advisors. These professionals can help you update your company’s existing retirement plan cybersecurity protocols to comply with the rigorous new DOL guidelines.

 

We can help you tackle business challenges like these – schedule an appointment today.

 

© Copyright 2021. All rights reserved.

More Resources

Next Level Accounting Guide

Guide: Next Level Accounting Services for Your Growing Business

Build a Better Business Guide

Guide: Build a Better Business by the Numbers

Business Acquisition to Sale Case Study

Case Study: Strategic Accounting Support from Acquisition to Sale

About The Author

Kirsch CPA Group is a full service CPA and business advisory firm helping businesses and organizations with accounting,…

Read More

Kirsch CPA Next Level Accounting Guide Download the Guide

Sign Up for Email Updates

Tags

Business Advisory (199) Small Business (74) Tax Strategy (73) Accounting (55) Construction (54) Business Strategy (53) Manufacturing (50) Non profit (45) Tax (32) Accounting Services (28) Tax Strategies (26) Kirsch News (25) Business Planning (25) Payroll (24) Business Taxes (23) Business Valuation (23) Grow Your Business (20) Retirement (18) Audit and Assurance Services (18) PPP (16) Fraud (16) Individual Tax (15) Tax Planning (14) CARES Act (13) Holistic Accounting Services (13) Business Advisory Services (13) Strategic Accounting (12) Benefit (11) Cash Flow (10) Employee Retention Credit (10) Financial Planning (9) IRS (9) Business (9) Contractors (9) Consolidated Appropriations Act (9) Deduction (9) Manufacturing Accounting (9) Human Resources (8) Financial Statements (8) Succession Planning (8) Small Business Tax (7) Tax Break (7) Business Owner (7) Department of Labor (6) Mergers and Acquisitions (6) IRA (6) Succession Plan (6) Remote Work (6) Tax Credit (6) Contractor (6) Inflation (6) Accounting Software (6) Construction Accounting (6) BOI Updates (6) Nonprofit (6) Ohio Tax (5) Tax Breaks (5) Estate Planning (5) Technology (5) Risk (5) Law (5) Valuation (5) Financial (5) strategic tax planning (5) Outsourced Accounting Services (5) Cash Flow Management (5) Professional Services Accounting (5) LLC (4) Estate Plan (4) Overtime (4) Real Estate (4) Deductions (4) Hiring (4) Cost (4) TCJA (4) Tax Cuts and Jobs Act (4) Supply Chain (4) ERC (4) Self-Employed (4) Plan (4) Revenue (4) Depreciation (4) Financial KPIs (4) Billing (4) ESOP (4) accounting partner (4) Accounting Best Practices (4) monthly financial statements (4) Not-for-profit (4) Compensation (3) Partnership Tax (3) Retain Employees (3) HSA (3) Business Intelligence (3) Social Security (3) DOL (3) Sales (3) Self-Employment (3) Outsourcing (3) Protecting Your Business (3) Rental Property (3) WOTC (3) Tax Benefits (3) Charitable Donations (3) Individual Taxes (3) EEOC (3) Work From Home (3) Donation (3) Profit (3) Contingency Plan (3) Gift (3) Family (3) Rental (3) Loss (3) Unemployment (3) CFO (3) Succession (3) Small Businesses (3) Credit (3) Loan (3) Gift Tax (3) Estate Tax (3) financial reporting (3) QBI (3) Cash (3) Unrelated Business Income Tax (3) Kirsch promotions (3) Cash Basis (3) family business (3) Section 179 (3) S-Corp (2) Research Tax Credits (2) Selling Your Business (2) Best Workplaces in Ohio (2) Buy-Sell Agreement (2) Ohio Taxes (2) Independent Contractor Status (2) Revenue Recognition (2) Home Office (2) Tax Credits (2) Payment (2) Deadline (2) Help for Ohio Business (2) FASB (2) Mid-Year (2) Deductible (2) Taxes (2) Bankruptcy (2) Welcome to the Team (2) Contracts (2) Phishing (2) Year-End (2) Join Our Team (2) Tax Free (2) Individual Income Tax (2) Tax Rate (2) Stimulus (2) New Law (2) Loan Changes (2) M&A (2) Personal Return (2) The American Rescue Plan Act (2) ARPA (2) Penalties (2) OSHA (2) Insurance (2) Return to Workplace (2) Estate (2) Future (2) Cryptocurrency (2) Expense (2) Property (2) Rent (2) CFO Services (2) Penalty (2) Contract (2) Wages (2) State Tax (2) Savings (2) Value (2) Tax Law (2) Tax Preparation (2) Tax Saving (2) Mileage (2) R&D (2) Chart of Accounts (2) Buy (2) Sell (2) Qualified Business Income (2) Multistate Taxes (2) tax compliance (2) Tax Incentive (2) Software (2) Debt (2) Supply (2) Tax Benefit (2) Inflation Risks (2) Invoice (2) Inflation Reduction Act (2) CHIPS Act (2) Generally Accepted Accounting Principles (2) Forecast (2) research credit (2) Expenses (2) Bookkeeper (2) Outsourced CFO (2) scaling a business (2) reduce labor costs (2) Upgrading Accounting Systems (2) QuickBooks Software (2) QuickBooks Optimization (2) Accounting Outsourcing (2) Strategic Business Advisory (2) BOI (2) Compensation Plans (1) SEPs (1) Donor Datebase (1) Promoting (1) Monitor Employee Communications (1) Business Expenses (1) Board of Directors (1) Customer Service (1) Motivate Employees (1) S Corporation (1) Record Retention (1) Employer Provided Vehicles (1) Tax Rules for Boats (1) Tax Rules for RVs (1) Home Improvement (1) No-Match Letter (1) Sales Deal (1) Rules of Qualification (1) Customer Loyalty (1) Profits (1) Work for Kirsch (1) Tax Deductible (1) Industry (1) Work Culture (1) Taxpayers (1) Partner (1) Tax Return (1) Competition (1) Tax Refund (1) Security (1) Leadership (1) Medical & Sick Leave (1) Economic Injury Disaster Loan (1) Emergency Financing From the SBA (1) Tax Favored Distributions (1) Roth (1) Traditional Roth (1) Dependent Care (1) DCAP (1) Pivot Strategy (1) Chapter 11 (1) Chapter 7 (1) Epidemic (1) Customers (1) Travel Restrictions (1) Workers Health (1) Legal Claims (1) Deferred Filing Tax Returns (1) HIPAA (1) Business Vehicle (1) Promotions (1) Worker Comp (1) Ohio Bureau of Workers Compensation (1) Homeowners (1) Common Tax Scams (1) Internal Tax Service (1) Hobby (1) Health Plan Administrative Expense (1) Financial Distress (1) Insolvency Exception (1) Home Mortgage Exception (1) Interest Exception (1) Student Loan (1) FSA (1) Improvements (1) Repairs (1) Background Check (1) Fraud Alert (1) Vishing (1) Preventing Attack (1) Home Office Deductions (1) Boost Profits (1) Independent Contractor (1) Ramsonware (1) Health Plan (1) Related Paid Leave (1) Tax Provisions (1) Overtime Pay (1) Buy or Lease (1) Data Breaches (1) Malware (1) Beneficiaries (1) Inheritance (1) Policy (1) Cost Cutting (1) Disaster Relief (1) FAQs (1) Resolutions (1) Schedule C (1) Closing Business (1) High-Deduction (1) Elderly (1) CVD (1) Restaurant (1) Opportunity Zone Investments (1) Bad Debt (1) SafeSend Exchange (1) Owners Compensation (1) Financial Relief (1) Child Labor Law (1) Minimum Wage (1) Record-Keeping (1) Bottom Line (1) Power of Attorney (1) Trader Status (1) Vaccine Scams (1) Child and Dependent Care Credit (1) Go Green (1) Visa (1) International (1) Employee (1) H-2B (1) FEMA (1) Trusts (1) Operations (1) Digital (1) Profit Fade (1) Managing Cost (1) Project (1) Make Money (1) Properties (1) Home (1) Return to Work (1) Federal Labor Policy (1) Labor (1) Labor Law (1) Passive Activity Loss (1) PAL (1) Liability (1) Deduct (1) Cybersecurity (1) Landlord (1) Relief (1) Job Loss (1) Eviction (1) Tenant (1) Economy (1) Development (1) Next (1) Strategic (1) Profitability (1) Financial Health (1) Individuals (1) Individual (1) Reviewed Financials (1) New Development (1) Opportunity (1) Planning (1) Review (1) Payroll Tax Credit (1) Overhead (1) Price (1) Estimate (1) Out-of-Scope (1) Project Planning (1) Productivity (1) Production (1) Lean (1) Output (1) Raw Material (1) Incentive (1) Process (1) Cyber (1) Cyber Attack (1) Financial Penalty (1) OT (1) Ransom (1) Ransomware (1) Hacker (1) Prevent (1) Prevention (1) DHS (1) Department of Homeland Security (1) Processing Payroll (1) Labor Laws (1) SBA (1) Damage (1) Damages (1) Economic (1) Economic Damage (1) NIOSH (1) National Institute for Occupational Safety and Health (1) Safety (1) PPE (1) Saving (1) Strategy (1) Customer Segmentation (1) Save (1) Client (1) Customer (1) Business Real Estate (1) Commercial (1) Location (1) Office Space (1) Lease (1) Shareholder (1) Independent Investor (1) Tax Season (1) Taxcaddy (1) Tax Filing (1) Tax Documents (1) Inside Public Accounting (1) CPA (1) Lower Taxes (1) Tax Savings (1) Tax Rules (1) Build Back Better Act (1) Proposed Tax Laws (1) Business Insurance (1) Premium (1) Life Insurance (1) Property-Casualty Insurance (1) long term disability (1) long-term care (1) crisis (1) crisis management (1) contingency (1) research and development (1) research (1) confidential (1) confidentiality (1) service providers (1) P&L statements (1) fairness opinion (1) fairness opinions (1) M&A Plan (1) money (1) estate and gift tax (1) commission (1) commission fraud (1) salespeople (1) due diligence (1) real estate investment trusts (1) REIT (1) investment (1) trade (1) Specified Service Trade or Business (1) SSTB (1) qualified (1) key person (1) discount (1) sales tax (1) single-member (1) multi-member (1) limited (1) General Partners (1) self-employment tax (1) medium business (1) qualified business income deduction (1) depreciation deduction (1) Junior Achievement Business Hall of Fame (1) Asset (1) owner (1) tax liability (1) tax files (1) tax records (1) federal tax (1) records (1) financial records (1) Bills (1) receipts (1) personal tax files (1) sell business (1) organized crime (1) National Federation of Independent Business (1) NFIB (1) Close (1) Close Business (1) debts (1) Small Business Reorganization Act (1) SBRA (1) Home-Based Business (1) kentucky tax law (1) gas (1) fuel (1) suppliers (1) supplier (1) marketplace (1) market (1) online (1) supplies (1) scam (1) product (1) seller (1) Buyer (1) work opportunity tax credit (1) work opportunity (1) Amended Taxes (1) inventory tracking (1) labor cost tracking (1) job costing (1) networking (1) projects (1) Collecting (1) equipment (1) purchase (1) combat inflation (1) Employee Stock Ownership Plans (1) company stock (1) ERISA (1) Employee Retirement Income Security Act of 1974 (1) corporate (1) legislation (1) profitability analysis (1) SALT cap workaround law (1) lending (1) Case Study (1) Financial Accounting Standards Board (1) GAAP (1) tech (1) legacy gift (1) funding (1) living trust (1) will (1) wealth (1) financial management (1) payroll support (1) rollover (1) inventory (1) disaster (1) interruption insurance (1) Business interruption (1) corporation (1) research expenses (1) income tax liability (1) types of financials (1) SSA (1) Social Security Administration (1) wage base (1) Claim (1) small business owner (1) reduce (1) reduction (1) Research & Development (1) research & development expenses (1) risk management (1) PTE (1) Pass-through entity (1) Chief Financial Officer (1) next level accounting services (1) pricing analysis (1) exit and retirement planning (1) SECURE 2.0 (1) Setting Every Community Up for Retirement Enhancement 2.0 Act (1) rate (1) medical (1) moving (1) digital enterprise (1) mobile (1) Cloud-Based (1) financial statement (1) forecasting (1) projections (1) projection (1) NOL (1) net operating loss (1) COD (1) Cancellation of Debt (1) forgiven (1) forgiveness (1) financial roadmap (1) quickbooks (1) SafeSend Returns (1) valuing (1) holistic (1) fradulent (1) invoices (1) FIFO (1) LIFO (1) last-in (1) first-out (1) first-in (1) tax changes (1) Business Interest Expense (1) Capitalize Research Costs (1) corporate cash donation (1) equifax hack (1) FICA (1) FUTA (1) medicare (1) normalized EBITDA (1) DCF (1) Business Buyers (1) meals (1) entertainment (1) Multistate Payroll Taxes (1) Remote Workforce Taxes (1) Payroll Automation (1) Local Tax Laws (1) Multistate Compliance (1) signs to scale (1) financial insights (1) reduce operating costs (1) Energy Credits (1) 401(k) (1) disabled access credit (1) family and medical leave credit (1) retirement plan startup credit (1) retirement plan automatic enrollment credit (1) QuickBooks Cleanup (1) loss disallowance rule (1) carryforward (1) distressed business (1) credit sales (1) collections (1) receivables ratio (1) aging schedule (1) average collection period (1) duties test (1) Agile Business (1) Weather Economic Uncertainty (1) Next Level Accounting (1) Projecting Cash Flow (1) veterinary profitability (1) Maximizing Labor ROI (1) Business Growth Plateau (1) bonus depreciation (1) IRS Section 179 (1) qualified improvement property (1) PTE Tax Benefits (1) ERC Claims (1) Cash Flow Forecasting (1) GAAP Accounting (1) Manufacturer Accounting Services (1) Tax Planning Services (1) Professional Services (1) Strategic Business Planning (1) nonprofit accounting services (1) Contractor Accounting (1) quarterly financial statements (1) Accounting Advisory Services (1) Transportation Tariffs (1) FinCEN (1) transportation KPI (1) logistics KPI (1) transportation business metrics (1) transportation business profitability (1)

Accounting & Financial News

Audits Are Essential to Your Organization’s Health

Audits have become more important due to increased public and government scrutiny of not-for-profit organizations, their management…

Read More

Tax Update: What the “One Big Beautiful Bill” Means for You

On July 5, President Trump signed the One Big Beautiful Bill Act (OBBB) into law—a sweeping tax…

Read More

Ohio Income Tax Changes: What You Need to Know

On June 30, 2025, Ohio Governor Mike DeWine signed into law the state’s biennial operating budget, which includes modifications to…

Read More
Kirsch Swoosh

Frequently Asked Questions

How can I manage cash flow better?

Good cash flow management and forecasting are essential for maintaining the financial health of your business. Having a rolling 12-month forecast of revenues and expenses helps you proactively avoid shortfalls and capitalize on opportunities. Learn more >

How can my business benefit from outsourced CFO services?

Outsourced CFO services, also known as fractional or virtual CFO services, let small and mid-size businesses leverage the deep financial expertise and strategic insights needed to accelerate growth and profitability for a fraction of the cost of hiring a full-time CFO. Key offerings include profitability analysis, cash flow forecasting, KPI benchmarking, and budgeting. Learn more >

How can I ensure that I don’t pay more taxes than necessary?

Effective tax planning involves leveraging all available tax credits, avoiding unpleasant surprises, keeping up with changes in the law, and ensuring you pay only your fair share. Learn more >

How can a CPA firm increase the profitability and value of my business?

When you partner with an accounting firm that offers advisory services, you will have the clear financial visibility needed to confidently make big decisions and drive profitable growth for your business. Learn more >

What should I look for in an outsourced accounting firm?

Growing a business requires more than tax preparation and basic accounting services. You need a holistic and forward-looking approach to your financial health. For best results, look for a partner who employs a proven process and a diverse range of services tailored to optimize cash flow, increase profitability, and maximize the value of your business. Learn more >