According to a recent survey, about 45 percent of companies do not have a chief information security officer (CISO). As technology consultancy West Monroe's "The Importance of a CISO" observes, it would be terrific for all organizations to have a CISO, but that simply may not be practical for some, particularly smaller organizations. Recent internal audit guidance issued by the federal Department of Labor (DOL), however, directs its investigators to verify the designation of a CISO when auditing retirement plans.
Read the rest of the article:
Do Retirement Plans Need a Chief Information Security Officer?
SHRM | Mar 2022
On May 15, 2024, the Securities and Exchange Commission (SEC) adopted amendments to Regulation S-P which governs the treatment of nonpublic personal information about consumers by certain financial institutions, many of which are commonly vendors and service providers to retirement plans. For example, the amendments reach broker-dealers, investment companies, registered investment advisers, and transfer agents. Importantly, the amendments establish specific cybersecurity requirements for these entities, requirements that retirement plan fiduciaries should be aware of.
Why Retirement Plan Sponsors and Fiduciaries Need to Know about the SEC Cybersecurity Amendments
Jackson Lewis | May 2024
401(k) World: Cyber Thieves
Plan Adviser | Mar 2024
Developing A Cybersecurity Policy For ERISA Plans
Harter Secrest | Jan 2024
Retirement Plans & Cybersecurity: Insights for Plan Sponsors
BDO USA | Nov 2023
Protecting 401(k) Participants from Cybertheft Should be a Priority - What Sponsors and the Government Can Do
Cohen Buckmann | Jul 2023
Tips for Hiring a Service Provider
Tips For Hiring a Service Provider With Strong Cybersecurity Practices
DOL | Apr 2021
401k Service Providers and Cybersecurity: Questions to Ask
401(k) Help Center
Related reading: Another Cybertheft Lawsuit Spotlights 401(k) Recordkeeper Procedures
Cohen & Buckmann | Aug 2022
DOL Issues Cybersecurity Best Practice for Retirement Plans
A little more than three years ago, the U.S. Department of Labor (DOL) posted cybersecurity guidance on its website for ERISA plan fiduciaries. That guidance extended only to ERISA-covered retirement plans, despite health and welfare plans facing similar risks to participant data.
Last Friday, the DOL’s Employee Benefits Security Administration (EBSA) issued Compliance Assistance Release No. 2024-01. The EBSA’s purpose for the guidance was simple – confirm that the agency’s 2021 guidance generally applies to all ERISA-covered employee benefit plans, including health and welfare plans.
Read the rest of the article:
DOL Expands Fiduciary Obligations for Cybersecurity to Health and Welfare Plans
Jackson Lewis | Sep 2024
The U.S. Department of Labor's Employee Benefits Security Administration (EBSA) in April 2021 issued much-anticipated cybersecurity guidance for employee retirement plans. The essence of the guidance is that responsible plan fiduciaries have an obligation to ensure proper mitigation of cybersecurity risks.
Read the rest of the article:
DOL Issues Cybersecurity Best Practices for Retirement Plans
Jackson Lewis via SHRM | Apr 2021
Related reading: Cybersecurity Requests Appear in DOL Audits
Groom | Oct 2021
New Cybersecurity Guidance for Plan Sponsors, Plan Fiduciaries, Record-Keepers and Plan Participants
Cybersecurity Program Best Practices
Tips for Hiring a Service Provider with Strong Security Practices
Online Security Tips
DOL Press Release and Guidance