Stewards of Retirement Plans Must Consider Cybersecurity Risks

In April 2021, the U.S. Department of Labor’s Employee Benefits Security Administration (EBSA) issued cybersecurity guidance for employee retirement plans. While the risks have been around for decades, they’ve skyrocketed in the aftermath of COVID-19 and the proliferation of hybrid and remote work.

Roland Criss, an independent provider of fiduciary protection and certification programs, interviewed Donny Shimamoto, CPA, CITP, CGMA, the founder and managing director of IntrapriseTechKnowlogies LLC, to discuss cybersecurity principles and practices for its podcast, “The Excellent Fiduciary.”

The Center for Accounting Transformation recently completed a study on hybrid work and cybersecurity risks and found that the most common unaddressed threat was securing home networks for remote employees, Shimamoto shared. During the podcast, he shares several common scenarios that occur all the time that employees and executives may not consider threatening.

The executives who staff retirement plan committees tend not to come from the technology side of their enterprises. For that reason, cybersecurity can be challenging for those who carry a fiduciary duty for their plans. However, because the U.S. Department of Labor has made a fiduciary obligation to implement and follow cybersecurity best practices and because cyber-attacks are a severe threat facing all types of employee benefit plans, anyone charged with overseeing their organization’s plans should listen to this podcast for a primer.

To learn additional ways to mitigate cybersecurity risks, view upcoming courses, including Understanding Your Cybersecurity Tech Options: How Non-Techies Can Mitigate Their Malware Risks.