Cybersecurity for Retirement Plans: What Plan Sponsors Need to Know

Karie M. OConnor Kevin G. Carani July 10, 2024

Ensuring the security of retirement plan data and assets is crucial. Although there are no cybersecurity-specific regulations binding 401(k) and defined benefit plans, the Department of Labor (DOL) has issued best practices and recommendations for fiduciaries and recordkeepers. That guidance takes the position that plan fiduciaries have an obligation to mitigate cybersecurity risk, even though the listed practices themselves are not mandatory. In other words, the absence of clear and uniform rules does not relieve fiduciaries of the duty to take reasonable steps to protect participants from cyber theft and data breaches.

The DOL has published a document setting out best practices and practical steps employers can take to strengthen the security of their plans and to prepare for a Department of Labor audit.

Here is a link to that document: US Department of Labor announces new cybersecurity guidance for plan sponsors, plan fiduciaries, record-keepers, plan participants | U.S. Department of Labor (dol.gov)

Why is the DOL taking the issue of cybersecurity so seriously? Here are a few sobering statistics:

  • Global cybercrime damage costs are expected to grow by 15% per year over the next two years, reaching $10.5 trillion USD annually by 2025 (Forbes).
  • For 2023, the United States continues to have the highest cost of a data breach at $5.09M (IBM).
  • When remote work is a factor in causing a data breach, the average cost per breach is $173,074 higher, underscoring the cybersecurity challenges in the evolving work landscape (IBM).
  • Participant records contain personal and financial data, including Social Security numbers, home addresses, and more, which makes them an attractive target.

With so much at risk, it is imperative that Plan Sponsors arm themselves with best practices to combat these trends.

Here are some questions often asked by the Department of Labor when plans are audited:

  1. Do you have a privacy and security policy in place, and does the policy apply to data held by benefit plans?
  2. Is the policy clear with respect to storing PII on laptops and portable storage devices?
  3. Does your service provider have policies on storing PII, including where it is stored, how long it is retained, and how it is securely destroyed?
  4. Phishing is a major problem because it targets people rather than systems and can succeed even where technical controls are tight. What measures does the recordkeeper have in place against phishing?
  5. Does the recordkeeper use its own technology, or does it outsource recordkeeping technology to a third party?
  6. Does the provider carry cybersecurity insurance?

The Department of Labor has also issued online security tips for plan participants.

Because participants are often where a breach occurs, plan sponsors should remind participants to register their accounts (an unclaimed account is easier for an attacker to claim), to monitor their accounts routinely, and to use strong, unique passwords together with multi-factor authentication. Participants should be wary of free public Wi-Fi and be on guard for phishing attacks. Plan sponsors should also document what cybersecurity participant education has been conducted.

A documented cybersecurity compliance plan reduces the risk of breaches and noncompliance for plans and fiduciaries, helps protect participants from unauthorized access to their personal information, and evidences a prudent process if the plan is audited.

Your team at Clearwater Capital Partners feels so strongly about this topic that we are hosting a webinar with expert presenters.

During our upcoming webinar, our guest speakers will outline actionable key steps (cybersecurity policy, participant education, vendor reviews, and insurance coverage) and suggest action items you can take. Join us on July 25th, with special guest speakers Lisa Van Fleet and Jason Wroblewski, to learn more about this challenging and timely topic.

SAVE THE DATE:

WEBINAR
July 25th, 12:00pm – 1:00pm CST


Cybersecurity and ERISA: Compliance & Protections

Join Clearwater Capital Partners for a Virtual Plan Sponsor Event and Discussion around Cybersecurity and ERISA: Compliance & Protections.

Leading the discussion are guest speakers Lisa Van Fleet, Partner at BCLP Law, and Jason Wroblewski, Regional Vice President at Ascensus.

Please reach out to your plan advisor with questions or for more information.

Disclosure

THIS COMMENTARY HAS BEEN PREPARED BY CLEARWATER CAPITAL PARTNERS. THE OPINIONS VOICED IN THIS MATERIAL ARE FOR GENERAL INFORMATION ONLY AND ARE NOT INTENDED TO PROVIDE OR BE CONSTRUED AS PROVIDING LEGAL, ACCOUNTING, OR SPECIFIC INVESTMENT ADVICE OR RECOMMENDATIONS FOR ANY INDIVIDUAL. ALL ECONOMIC DATA IS DERIVED FROM PUBLIC SOURCES BELIEVED TO BE RELIABLE. TO DETERMINE WHICH INVESTMENTS MAY BE APPROPRIATE FOR YOU, PLEASE CONSULT WITH US PRIOR TO INVESTING. INVESTING INVOLVES RISK WHICH MAY INCLUDE LOSS OF PRINCIPAL.

This material is not intended to be relied upon as a forecast, research or investment advice, and is not a recommendation, offer or solicitation to buy or sell any securities, insurance products, or to adopt any investment strategy. The opinions expressed are as of the date of writing and may change as subsequent conditions vary. The information and opinions contained in this material are derived from proprietary and nonproprietary sources deemed by Clearwater Capital Partners to be reliable, are not necessarily all-inclusive and are not guaranteed as to accuracy. Past performance is no guarantee of future results. There is no guarantee that any forecasts made will come to pass. Reliance upon information in this material is at the sole discretion of the reader. Investment involves risks. International investing involves additional risks, including risks related to foreign currency, limited liquidity, less government regulation and the possibility of substantial volatility due to adverse political, economic or other developments. Index performance is shown for illustrative purposes only. You cannot invest directly in an index. S&P 500 is a registered trademark of Standard & Poor’s Financial Services, a division of S&P Global (“S&P”)  DOW JONES, DJ, DJIA and DOW JONES INDUSTRIAL AVERAGE are registered trademarks of Dow Jones Trademark Holdings (“Dow Jones”). The two main risks related to fixed-income investing are interest rate risk and credit risk. Typically, when interest rates rise, there is a corresponding decline in the market value of bonds. Credit risk refers to the possibility that the issuer of the bond will not be able to make principal and interest payments.
