New DOL Guidance on Blocking Retirement Plan Cyberattacks

Kirsch CPA Group

Jul 21, 2021

The U.S. Department of Labor (DOL) is becoming alarmed by the growing prevalence and sophistication of cybercrime. In response to this mounting threat, the agency recently released a cybersecurity program best practices guide for employers and companies that provide services to their retirement plans.

Benefits of Prompt Compliance

Attorneys specializing in retirement plan matters advise plan sponsors to heed the new DOL guidelines. Failure to do so could make your company vulnerable if litigation erupts following any kind of cyberbreach of its retirement plans — even if most of the plan’s administration is handled by service providers. ERISA plan fiduciaries generally must take reasonable steps to protect plan assets from cyberattacks.

Even without a legal dark cloud hovering above, employers don’t want to see their employees’ retirement savings wiped out in a breach. Moreover, management could transfer the knowledge gained from implementing the DOL’s recommended cybersecurity protocols to other potential areas of vulnerability, including the company’s financial systems.

Creating Your Cybersecurity Plan

Compliance with the DOL guidance begins with a comprehensive security plan. “A sound cybersecurity program,” the guidance states, “identifies and assesses internal and external risks that may threaten the confidentiality, integrity, or availability of stored nonpublic information.”

The plan needs to feature policies, procedures, guidelines and standards in the following areas:

  • Approval by top management,
  • An annual review of the program,
  • Education for relevant parties about the program,
  • Documentation of the framework(s) used to assess the security of your systems, and
  • Periodic audits by an outside expert to ensure that your plan is being followed.

The DOL expects your external security audit to include, among other things, audit reports, files, penetration test reports and supporting documents. Auditors also should document corrections of any cybersecurity weaknesses identified during the audit.

In addition to periodic external audits, the DOL recommends a fresh annual cybersecurity risk assessment. That’s because cybercriminals are constantly developing new tactics to break through your defenses.

“Employees are often an organization’s weakest link for cybersecurity,” according to the guidance. So, employers need a comprehensive cybersecurity awareness program that sets expectations for employees and teaches them to “recognize attack vectors, help prevent cyber-related incidents, and respond to a potential threat.”

Controlling Data Access

To manage the threat of employees inadvertently opening the door to cybercriminals, the DOL guidance calls for strong access control procedures. Examples include:

  • Customizing who’s granted access to systems according to the role of individuals involved, such as general users, plan administrators, third party administrators and IT personnel,
  • Using multifactor identification whenever possible, especially to access the internal networks from an external network,
  • Reviewing access privileges at least every three months and, when necessary, disabling access according to your access policies,
  • Monitoring the activity of authorized users and detecting unauthorized access or inappropriate actions,
  • Creating a process to ensure that any sensitive information about a participant or beneficiary in the service provider’s records matches the information that the plan maintains about the participant, and
  • Confirming the identity of the authorized recipient of any funds that are dispersed from the plan.

The DOL guidance addresses particular areas of risk associated with data stored on the cloud. The guidance points out: “In the cloud, data is stored with a third-party provider.” So, transparency and control over the data may be limited. Consider the following steps to help maintain scrutiny over cloud storage practices by third-party providers:

  • Require a risk assessment of the provider,
  • Establish minimum cybersecurity practices for the provider, and
  • Ensure that guidelines and contract provisions are as robust as those you hold your retirement plan services providers to.

Post-Incident Protocols

The DOL guidance also recommends putting together a business “resiliency” plan. It’s important to have an incident response plan in place to help IT staff detect, respond to and recover from security incidents.

Post-incident best practices also include recommended actions, such as notifying law enforcement and your insurance carrier, and providing information about the breach to affected participants “to prevent or reduce injury.”

Fortify Your Defenses

Adhering to the DOL guidance can dramatically decrease the risk of a cyberattack on your company’s retirement plan. Plus, if your retirement plan does get hacked and you can prove compliance with the DOL guidance, you’ll probably have a much easier time dealing with your plan’s service providers and insurance carrier to ensure that any harm to participants is rectified — but not at your expense.

For more information, contact your legal and financial advisors. These professionals can help you update your company’s existing retirement plan cybersecurity protocols to comply with the rigorous new DOL guidelines.

 

We can help you tackle business challenges like these – schedule an appointment today.

 

© Copyright 2021. All rights reserved.

About The Author

Kirsch CPA Group is a full service CPA and business advisory firm helping businesses and organizations with accounting,…

Read More

Tags

Covid-19 (51) tax strategies (25) Tax (25) business advisory (21) Kirsch News (18) Construction (18) Small Business (16) Business planning (16) manufacture (14) Manufacturing (14) Nonprofit (13) grow your business (12) Non-Profit (12) Tax Planning (12) retirement (12) deduction (12) Not For Profit (11) CARES Act (11) Fraud (11) Business (11) Tax credit (9) IRS (8) payroll (8) Contractors (8) CAA (8) Benefit (8) Small business tax (7) Department of Labor (7) Cash Flow (7) PPP Loan Forgiveness (7) Tax Break (7) Consolidated Appropriations Act (7) Employee Retention Credit (7) financial statements (7) risk (7) pandemic (7) accounting (7) balance sheet (7) business valuation (7) compensation (6) Payroll tax (6) accountants (6) Deductions (6) 401K (6) Hiring (6) PPP (6) Employee (6) loss (6) benefits (6) valuation (6) Tax Breaks (5) DOL (5) Estate Planning (5) Growth (5) Tax Cuts and Jobs Act (5) remote work (5) EEOC (5) Work from home (5) revenue (5) profitability (5) accounting advisory service (5) contractor (5) loan (5) depreciation (5) llc (4) Estate Plan (4) Real Estate (4) Cost (4) TCJA (4) CoronaVirus (4) IRA (4) Paycheck Protection Program (4) ERC (4) cash flow forecast (4) ARPA (4) Manufacturers (4) new hire (4) plan (4) rental (4) assets (4) credit (4) remote (4) retire (4) Inflation (4) business owner (4) billing (4) Retain Employees (3) Audit (3) HSA (3) Social Security (3) Sales (3) Self-Employment (3) Not-for-Profits (3) Protecting your business (3) Succession Plan (3) FASB (3) PPP Loan (3) Tax Benefits (3) CARES (3) Donation (3) 2021 (3) strategic accounting (3) self-employed (3) Profit (3) Insurance (3) Contingency Plan (3) gift (3) technology (3) cryptocurrency (3) unemployment (3) CFO (3) employment (3) succession (3) cfo services (3) financial health (3) health (3) 990 (3) small businesses (3) savings (3) cpa (3) mileage (3) gift tax (3) estate tax (3) hire (3) manufacturer (3) software (3) cash (3) fringe benefit (3) tax benefit (3) Section 179 (3) financial (3) GAAP (3) Generally Accepted Accounting Principles (3) Ohio tax (2) s-corp (2) RMD (2) Research Tax Credits (2) Selling Your Business (2) Business Intelligence (2) Best Workplaces in Ohio (2) Buy-Sell Agreement (2) Overtime (2) Revenue Recognition (2) Home Office (2) Mergers (2) Acquisitions (2) 1099 (2) Partner (2) Benefit Plan (2) Outsourcing (2) Financial Planning (2) Security (2) Change (2) Payment (2) Deadline (2) Help for Ohio Business (2) Supply Chain (2) Business Owners (2) COVID-19 relief (2) Rental Property (2) Mid-Year (2) Business Vehicle (2) Taxes (2) Bankruptcy (2) Welcome to the team (2) Contracts (2) Phising (2) Charitable Donations (2) Home Office Deductions (2) Year-End (2) Individual Taxes (2) Remote Workers (2) Boost Profits (2) ADA (2) Health Plan (2) join our team (2) Bookkeepers (2) charitable (2) Tax Free (2) Individual Income Tax (2) Tax Rate (2) Stimulus (2) Small Business Owners (2) New Law (2) Loan Changes (2) M&A (2) financial strategy (2) Equal Employment Opportunity Commission (2) Personal Return (2) The American Rescue Plan Act (2) 1040 Federal Return (2) American Rescue Plan Act (2) individual tax (2) OSHA (2) Occupational Safety and Health Administration (2) Reimburse (2) Worker (2) Return to workplace (2) innovation (2) grow (2) estate (2) future (2) family (2) operations (2) cryptocurrencies (2) bitcoin (2) digital (2) expense (2) property (2) rent (2) return to work (2) partnership (2) economy (2) development (2) succession planning (2) individual (2) reviewed financials (2) law (2) penalty (2) planning (2) review (2) tax-exempt (2) 501(c)(3) (2) political (2) inurement (2) remote worker (2) contract (2) lean (2) working capital (2) tax law change (2) wages (2) income statement (2) prevention (2) covid (2) state tax (2) value (2) tax law (2) business growth (2) lease (2) pricing (2) Internal Revenue Service (2) tax preparation (2) IPA (2) Inside Public Accounting (2) tax saving (2) R&D (2) chart of accounts (2) financial KPIs (2) buy (2) sell (2) investment (2) Qualified Business Income (2) QBI (2) multistate taxes (2) tax incentive (2) business strategy (2) 1040 (2) retention (2) acfe (2) Association of Certified Fraud Examiners (2) occupational fraud (2) employees (2) debt (2) Unrelated Business Income Tax (2) UBIT (2) standard mileage rate (2) antifraud (2) crypto (2) audit and assurance services (2) cash basis (2) liabilities (2) inflation risks (2) retirement plan (2) invoice (2) Inflation Reduction Act (2) CHIPS Act (2) borrow (2) Financial Accounting Standards Board (2) cash flows (2) forecast (2) SECURE 2.0 (2) 403(b) (2) Partnerships (1) IRA distributions (1) IRS Audits (1) Compensation Plans (1) SEPs (1) Donor Datebase (1) Promoting (1) Monitor Employee Communications (1) Business Expenses (1) board of directors (1) Customer Service (1) 4 Simple Steps (1) Motivate Employees (1) Ohio Taxes (1) S Corporation (1) Record retention (1) Employer-Provided Vehicles (1) Tax Rules for Boats (1) Tax Rules for RVs (1) Home Improvement (1) No-Match Letter (1) Independent Contractor Status (1) Sales Deal (1) Rules of Qualification (1) Customer Loyalty (1) Profits (1) AGI (1) Adjusted Gross Income (1) Work for Kirsch (1) Health Savings Account (1) Tax Deductible (1) Industry (1) Work Culture (1) Affordable Care Act (1) ACA (1) Taxpayers (1) Tax Return (1) Human Resources (1) Competition (1) Tax refund (1) Tax Credits (1) Leadership (1) 2019 (1) Medical & Sick Leave (1) Economic Injury Disaster Loan (1) Emergency Financing From the SBA (1) payroll protection program (1) Tax Favored Distributions (1) Roth (1) Traditional Roth (1) dependent care (1) DCAP (1) covi (1) Pivot Strategy (1) Chapter 11 (1) Chapter 7 (1) Epidemic (1) Customers (1) Travel Restrictions (1) Workers Health (1) legal Claims (1) Deferred Filing Tax Returns (1) HIPAA (1) update (1) Deductible (1) Promotions (1) Worker comp (1) Ohio Bureau of Workers COmpensation (1) Homeowners (1) common tax scams (1) Internal Tax Service (1) awards (1) Hobby (1) Health Plan Administrative Expense (1) Financial distress (1) Insolvency Exception (1) Home Mortgage Exception (1) Interest Exception (1) Student Loan (1) FSA (1) Flexible Spending Accounts (1) WOTC (1) Improvements (1) Repairs (1) Background Check (1) Fraud Alert (1) Vishing (1) Preventing Attack (1) Sensitive Company Data (1) Age-Bias (1) Downsizing (1) Ohio BWC (1) CDC (1) ADEA (1) Independent Contractor (1) Ramsonware (1) Related Paid Leave (1) PPP Forgiveness (1) Tax Provisions (1) Overtime pay (1) Buy or Lease (1) 2020 tax return (1) Data breaches (1) malware (1) Benficiaries (1) Inheritance (1) policy (1) cost cutting (1) Disaster Relief (1) FAQs (1) COVID-Related Tax Relief Act (1) Construction Financial (1) Resolutions (1) Schedule C (1) Closing Business (1) high-deduction (1) Elderly (1) CVD (1) Restaurant (1) Tax figures (1) Opportunity Zone Investments (1) Covid vaccination (1) bad debt (1) business taxes (1) business return (1) Individual IRA (1) SafeSend Exchange (1) COVIDTRA (1) owners compensation (1) Financial relief (1) 2020 Taxes (1) 2020 tax break (1) Child Labor Law (1) Minimum wage (1) Record-keeping (1) Penalties (1) Child Credit (1) 2020 federal return (1) Kirsch CPA Group (1) bottom line (1) Power of Attorney (1) cash flow visibility (1) Trader Status (1) Vaccine scams (1) Child and Dependent Care Credit (1) Go Green (1) Visa (1) International (1) H-2B (1) virtual currency (1) FEMA (1) Federal Emergency Management Agency (1) Diabilities (1) Americans with Disabilities Act (1) creative thinking (1) creative (1) new (1) trusts (1) trust (1) blockchain (1) cryptography (1) currency (1) digital money (1) profit fade (1) managing cost (1) project (1) make money (1) vacation home (1) summer (1) rentals (1) properties (1) residency (1) residence (1) home (1) federal labor policy (1) labor (1) labor law (1) passive activity loss (1) pal (1) liability (1) deduct (1) cybersecurity (1) cyber security (1) landlord (1) relief (1) job loss (1) eviction (1) tenant (1) new jobs (1) develop (1) next (1) strategic (1) retiring (1) virtual cfo (1) cpa firm (1) gross profit margin (1) net profit margin (1) individuals (1) labor shortage (1) help wanted (1) unemployed (1) employ (1) EVP (1) Employment Value Proposition (1) compiled financials (1) audited financials (1) Supreme Court (1) appeal (1) reverse (1) trade secrets (1) intellectual property (1) IP (1) theft (1) protect (1) protection (1) trademark (1) trademarks (1) copyright (1) copyrights (1) patent (1) patents (1) business plan (1) new development (1) opportunity (1) opportunities (1) lose (1) keep (1) campaign (1) lobbying (1) campaigning (1) lobby (1) annual report (1) annual reporting (1) annual reports (1) 990-EZ (1) payroll tax credit (1) ctc (1) child tax credit (1) 2021 tax (1) child (1) litigation (1) jurisdiction (1) sue (1) sued (1) legal (1) HR (1) counsel (1) overhead (1) price (1) estimate (1) out-of-scope (1) project planning (1) productivity (1) production (1) output (1) raw material (1) incentive (1) process (1) net equity (1) debt level (1) goodwill accounting (1) private firm (1) merger (1) acquisition (1) merge (1) acquire (1) cyber (1) cyber attack (1) cyberattack (1) securities (1) harvesting (1) American Family Plan (1) AFP (1) long-term capital gain (1) capital asset (1) gains (1) gain (1) losses (1) Securities Harvest (1) financial penalty (1) OT (1) ransom (1) ransomware (1) ransom ware (1) hacker (1) hackers (1) prevent (1) DHS (1) Department of Homeland Security (1) executive compensation (1) private inurement (1) teleworking (1) telework (1) tax withhold (1) tax withholding (1) processing payroll (1) labor laws (1) Payroll Protection Plan (1) SBA (1) small business administration (1) damage (1) damages (1) economic (1) economic damage (1) NIOSH (1) National Institute for Occupational Safety and Health (1) safety (1) ppe (1) saving (1) strategy (1) customer segmentation (1) save (1) profitable (1) client (1) customer (1) propose (1) proposal (1) tax change (1) tax proposal (1) increase (1) tax increase (1) loan terms (1) negotiating loans (1) financing (1) provisions (1) business real estate (1) commercial (1) location (1) office space (1) shareholder (1) independent investor (1) tax season (1) taxcaddy (1) tax filing (1) tax documents (1) 30th anniversary (1) recognition (1) award (1) lower taxes (1) tax savings (1) tax rules (1) Build Back Better Act (1) proposed tax laws (1) profitability modeling (1) business insurance (1) premium (1) life insurance (1) property-casualty insurance (1) long term disability (1) long-term care (1) car (1) auto (1) suv (1) van (1) write-off (1) reimbursement (1) crisis (1) crisis management (1) contingency (1) research and development (1) research (1) confidential (1) confidentiality (1) financial reporting (1) service providers (1) P&L statements (1) fairness opinion (1) fairness opinions (1) M&A Plan (1) money (1) estate and gift tax (1) health insurance (1) commission (1) commission fraud (1) salespeople (1) trend (1) new employee (1) company growth (1) due diligence (1) real estate investment trusts (1) REIT (1) trade (1) Specified Service Trade or Business (1) SSTB (1) qualified (1) key person (1) discount (1) tax compliance (1) sales tax (1) single-member (1) multi-member (1) limited (1) general partners (1) self-employment tax (1) medium business (1) qualified business income deduction (1) cash-method accounting (1) depreciation deduction (1) Junior Achievement Business Hall of Fame (1) asset (1) owner (1) staff (1) workers (1) accounting software (1) tax strategy (1) tax liability (1) tax files (1) tax records (1) federal tax (1) records (1) financial records (1) bills (1) receipts (1) personal tax files (1) growth by acquisition (1) manager (1) management (1) supervisor (1) education (1) education plan (1) recruitment (1) training (1) remote employees (1) remote employee (1) ICHRA (1) Individual Coverage Health Reimbursement Arrangement (1) telecommute (1) health benefits (1) sell business (1) organized crime (1) National Federation of Independent Business (1) NFIB (1) close (1) close business (1) debts (1) Small Business Reorganization Act (1) SBRA (1) home office deduction (1) home-based business (1) perk (1) perks (1) cafeteria plan (1) kentucky tax law (1) gas (1) fuel (1) supply (1) suppliers (1) supplier (1) marketplace (1) market (1) online (1) supplies (1) scam (1) product (1) seller (1) buyer (1) work opportunity tax credit (1) work opportunity (1) Kirsch promotions (1) auditor (1) assessment (1) amend (1) amended (1) internal control reviews (1) compilation (1) inventory tracking (1) labor cost tracking (1) job costing (1) networking (1) projects (1) collecting (1) family business (1) cost approach (1) ESG (1) environmental (1) social (1) governance (1) fraud risk (1) risk assessment (1) equipment (1) purchase (1) combat inflation (1) ESOP (1) Employee Stock Ownership Plans (1) company stock (1) ERISA (1) Employee Retirement Income Security Act of 1974 (1) corporate (1) legislation (1) profitability analysis (1) best places to work (1) best of the best (1) firm (1) leases (1) accounting standard (1) SALT cap workaround law (1) lend (1) lending (1) loans (1) loaning (1) case study (1) tech (1) buy-sell (1) legacy gift (1) funding (1) living trust (1) will (1) wealth (1) financial management (1) payroll support (1) statement (1) tool (1) accrual-basis (1) rollover (1) inventory (1) disaster (1) interruption insurance (1) Business interruption (1) charity (1) charitable donation (1) corporation (1) cashflow (1) research expenses (1) income tax liability (1) research credit (1) types of financials (1) SSA (1) Social Security Administration (1) wage base (1) claim (1) small business owner (1) reduce (1) reduction (1) Research & Development (1) research & development expenses (1) expenses (1) risk management (1) PTE (1) Pass-through entity (1) 2023 outlook (1) chief financial officer (1) bookkeeper (1) next level accounting services (1) strategic tax planning (1) pricing analysis (1) cash flow planning (1) exit and retirement planning (1) SECURE (1) Setting Every Community Up for Retirement Enhancement 2.0 Act (1) bill (1) required minimum distribution (1) contributions (1) mileage rate (1) rate (1) medical (1) moving (1) standard mileage (1) ati (1) adjusted taxable income (1) research and experimentation (1) R&E (1) digital enterprise (1) mobile (1) cloud-based (1) financial statement (1) forecasting (1) projections (1) projection (1) NOL (1) net operating loss (1) COD (1) cancellation of debt (1) forgiven (1) forgiveness (1) financial roadmap (1) payroll tax deferral (1) quickbooks (1) SafeSend Returns (1) valuing (1) holistic (1) fradulent (1) invoices (1) ethereum (1) FSOC (1) Financial Stability Oversight Council (1) fringe (1) fringe benefit tax (1) fringe benefits (1) SECURE Act 2.0 (1)

Sign Up for Email Updates

Related Articles