Ask Yourself About Online Security

Reports of hacks, identity theft and more highlight the importance of making sure information about plan participants and beneficiaries is secure. In fact, it’s more than a good idea — it’s part of a fiduciary’s duty.

The 401(k) HelpCenter suggests questions to ask to make sure participants’ and beneficiaries’ data are kept safe. The questions are geared toward helping plan sponsors gauge their service providers’ commitment to data security. But for service providers, they make a good checklist for your own online security measures, and a way to better demonstrate to clients how well served they are.

Do you:

  • Conduct periodic risk assessments to identify cybersecurity threats, vulnerabilities and potential business consequences?
  • Have processes and systems for dealing with cybersecurity threats and protecting personally identifiable information?
  • Have an annual independent assessment of your cybersecurity processes?
  • Have a chief information security officer or equivalent position?
  • Use advanced authentication? If so, can you explain the process?
  • Have policies on storing personally identifiable information, including where and how long it is stored, and how it is eliminated?
  • Have a privacy and security policy?
  • Have a policy regarding storage of personally identifiable information on laptops and portable storage devices?
  • Regularly update technology systems?
  • Train all personnel who come in contact with personally identifiable information on adequate protection of the information?
  • Carry cybersecurity insurance?
  • Experience security breaches?

Anything missing from that list? Use the comment box to add to it.