By now, you have heard about the Department of Labor’s guidance for employee benefit plans and best practices for cybersecurity programs. But you may be thinking: what do we do now? There’s a lot of information and recommendations packed into those twelve best practices, so let’s break it down into actionable steps you can take now to improve the Plan’s cybersecurity program.

Prudent Risk Assessments

The DOL defines a risk assessment as “an effort to identify, estimate, and prioritize information system risks.” While this can seem overwhelming due to the constantly changing nature of your IT environment, we recommend that management start with this assessment. Engaging an outside party to objectively evaluate which systems, controls, and policies are in place, and which are not, is a critical place to start any assessment. The outcome should be a formal, written risk assessment that is provided to the trustees and revisited annually.

Identify Vulnerabilities

In addition to the above, several tests can be performed to identify the Plan’s cyber vulnerabilities.

A vulnerability scan examines all technology connected to your organization’s network. Upon completion, you will know which systems have vulnerabilities or weaknesses that cybercriminals could exploit. In addition to the scan, your outside vendor should also provide an analysis of external services (e.g., remote access connections such as VPN) and determine external vulnerabilities.

External penetration testing (“ethical hacking”) mimics a hacker’s techniques and tactics, allowing Plans to see which attacks could be successful against their network. The purpose of the penetration test is to find as many successful attack combinations as possible. Penetration testing takes a vulnerability scan to the next level and identifies precisely which combinations will be successful.

Internal penetration testing will assess how much damage can be done once a hacker gains access to the network.

Cyber Services Calculator

Cyber breaches and attacks are not one-size-fits-all and neither are the services or cybersecurity costs. You can learn more about the different services that Withum can provide and get an estimate of the cost of cybersecurity for your business by using our cyber services calculator.

Contact Us

Please reach out to a member of Withum’s Multiemployer Benefit Plans Team to help further address your questions.