Cybersecurity Next Steps for Employee Benefit Plans

By now, you have heard about the Department of Labor’s guidance for employee benefit plans and best practices for cybersecurity programs. But now you may be thinking…what do we do now? There’s a lot of information and recommendations packed into those ten best practices, so let’s break it down into actionable items you can take now to improve the Plan’s cybersecurity program.

Identify Vulnerabilities

Identifying potential cyber risks makes all the difference in the protection of your highly sensitive data. Vulnerability scans and penetration testing provide meaningful insights about known and unknown risks, industry and organizational IT security challenges, and more. They arm you with proactive, actionable intelligence to make informed decisions, and are a significant competitive advantage.

  • A vulnerability scan is a scan of all assets connected to your organization’s network. Upon completion, you will know which systems are vulnerable to which public vulnerabilities. In addition to the scan, Withum can also provide analysis of external services (e.g., remote access connections like VPN) and determine external vulnerabilities.
  • External penetration testing mimics a hacker’s techniques and tactics, which allows plans to see which attacks could be successful against your organization’s network. The purpose of the penetration test is to find as many successful attack combinations as possible. Penetration testing goes a step further than a vulnerability scan: it identifies exactly which combinations will be successful, and enhancements are then developed to reduce or remove the vulnerabilities.
  • Internal penetration testing will tell you how much damage can be done once a hacker gains access to your network.

Cyber Training

Did you know that 95% of cybersecurity breaches are caused by human error? (Cybint)

Withum’s cyber experts can lead webinars to train your employees on cyber threats in the workplace. As the world becomes increasingly virtual, start now by equipping your employees with the information they need to reduce the risk of a cybersecurity attack.

A cybersecurity attack on your organization is a “when” not “if” concern – start being proactive now and protect yourself and your organization.

Consider Investing in a Virtual Chief Information Security Officer

A Virtual Chief Information Security Officer (vCISO) can analyze your existing information security program and review, improve and develop items such as an incident response plan, business continuity plan and disaster recovery plan.

Even with limited resources, outsourcing this important role is affordable and brings access to cost-effective, scalable resources. A vCISO can:

  • Build a new program if one does not exist.
  • Help you understand your cyber risk and advise on effective resource management to reduce cyber risk.
  • Coordinate and direct security implementation across the Plan.
  • Develop incident response, business continuity and disaster recovery plans.
  • Exercise developed security capabilities.

Withum offers full-service solutions that give you all the resources you need to continuously and successfully manage your security program to minimize risk and maximize return on investment.

Author: Alyssa Harbaugh, CPA | aharbaugh@withum.com

Please reach out to a member of Withum’s Multiemployer Benefit Plans Team to help further address your questions.
