June 8, 2023

#2: A Practical Implementation of the DOL’s Cybersecurity Guidance

In this episode, Jay Gepfert, Managing Partner of DOL Cybersecurity, LLC, and I discuss ways retirement and benefit plan sponsors can meet the standards set out by the Department of Labor's Cybersecurity Guidance, issued in April 2021.

The DOL's sub-regulatory guidance came in the form of three publications.

One is titled Online Security Tips, which is mainly intended to advise individuals on protecting their personal information and accounts online.

A second, called Tips for Hiring a Service Provider, helps plan sponsors by outlining what to look for and questions to ask prospective providers about their systems controls and cybersecurity practices.

And a third, titled Cybersecurity Program Best Practices, is the most detailed of the three and sets out 12 best practices with several sub-points for each.

In this episode, whenever we refer to the DOL's guidance or guidelines, we mainly refer to the best practices publication, which contains specific suggestions for plan sponsors and fiduciaries.

While these publications don't set forth specific actions that fiduciaries are required to take, it's clear the Department of Labor's intention is for this guidance to form a standard for how proper benefit plan-related cybersecurity measures should be established and maintained.

Some of the topics we discuss in this episode include the following:

· Which types of plans this guidance covers,

· Who has the ultimate responsibility for ensuring a plan's cybersecurity,

· Possible consequences of not following the DOL's guidance on cybersecurity,

· How Jay's firm performs a cybersecurity assessment,

· The plan sponsor's role during the assessment,

· About how long it takes to complete an assessment,

· Why a plan sponsor might want to think twice about having their internal IT department conduct an assessment,

· And more.

Links and Contact Information

· The DOL's original press release

· DOL publication Online Security Tips

· DOL publication Tips for Hiring a Service Provider with Strong Cybersecurity Practices

· DOL publication Cybersecurity Program Best Practices

· DOL Cybersecurity, LLC's website

· You can reach Jay Gepfert via email at info@DOLCybersecurity.com