DC Plan Cybersecurity
Protecting Participants’ Data — and the Plan — Requires a Multifaceted Strategy
Protecting defined contribution (DC) plan data is a high priority. It is also a growing challenge given that data breaches are increasingly common.
DC plan sponsors must be vigilant, because the personally identifiable information (PII) they safeguard is a tempting target for cybercriminals.
Yet, for DC plans, business process failures are a more likely source of data breaches.
Fortunately, there are steps DC plan sponsors can take to manage cybersecurity risk effectively.
We recommend a nine-part strategy that includes:
- Creating an information security policy and an incident-response plan;
- Minimizing requests for and use of PII;
- Training staff regularly;
- Assessing the IT environment;
- Mandating use of encryption for data-at-rest and
- Assessing recordkeepers’ technology;
- Reviewing recordkeepers’ security procedures;
- Setting up and regularly reviewing system activity logs; and
- Maintaining adequate levels of cyber liability protection.