Regulatory Updates
DOL Issues Cybersecurity Guidance for All ERISA-Covered Retirement and Health and Welfare Plans
Published September 09, 2024
The Employee Benefits Security Administration (EBSA) updated its cybersecurity guidance by publishing Compliance Assistance Release 2024-01, clarifying applicability to all types of plans covered by the Employee Retirement Income Security Act (ERISA).
The Compliance Assistance Release applies to plan sponsors, fiduciaries, recordkeepers and plan participants, with the aim of protecting information and assets from cybersecurity risks. It updates the guidance released in 2021 and 2022 to ensure that all ERISA plans, including health and welfare plans and all employee pension benefit plans, are included.
In addition, EBSA updated the following documentation:
- Tips for Hiring a Service Provider: Helps plan sponsors and fiduciaries prudently select a service provider with strong cybersecurity practices and monitor their activities, as ERISA requires.
- Cybersecurity Program Best Practices: Assists plan fiduciaries and recordkeepers in their responsibilities to manage cybersecurity risks.
- Online Security Tips: Offers plan participants and beneficiaries who check their retirement accounts or other employee benefit plan information online basic rules to reduce the risk of fraud and loss.