On a recent AICPA Employee Benefit Plan Audit Quality Center webcast, the Chief Accountant of the Department of Labor expressed the DOL’s concerns over cybersecurity. Specifically, the DOL believes that electronic plan records, whether they are maintained in-house and/or maintained by the financial services industry, are vulnerable to cyber-attacks.
The DOL believes that Plan administrators should evaluate their plan’s cybersecurity governance as part of their risk assessment, and that the evaluation should cover service providers and their vendors. According to the DOL, Plan administrators should make sure that the plan and its providers and vendors for electronic plan records have:
- Written information security policies – encryption;
- Periodic audits to detect threats;
- Periodically tested backup and recovery plans;
- Responsibility for losses – cyber security insurance; and
- Training policies to reinforce data security.