Formally wading into the cybersecurity discussion for the first time, on April 14, 2021, the U.S. Department of Labor (DOL) posted on its website a suite of new guidance, including Tips for Hiring a Service Provider with Strong Cybersecurity Practices, Cybersecurity Program Best Practices, and Online Security Tips for Participants and Beneficiaries.
By way of background, cybersecurity has over the last decade become an area of critical importance to sponsors and administrators of employee benefit plans as well as plan participants. Put simply, this is because plans (which the DOL estimates hold $9.3 trillion in assets) are a prime target of cyberthieves, given that they typically hold significant amounts of sensitive participant data, often permit electronic access to funds (think 401(k) distributions) and rely on outside service providers, who provide additional access points for breach. This risk was only exacerbated by the COVID-19 shutdowns, where benefits personnel and their service providers quickly had to transition to working remotely and begin relying on electronic access more than ever before.