Don't Miss

Retirement Plan Cyberattacks a Real Threat for Fiduciaries

Retirement plan cyberattacks are no longer just a science-fiction plotline.  Retirement plan cyberattacks are todays reality.  With the Russia-Ukraine conflict heating up, the risk of cyberattacks is on the rise.  Human resources professionals must be hyper-vigilant about potentially disruptive cybersecurity threats, according to experts cited in a recent HR Dive article.

Should an outage or attack occur, HR professionals will be tasked with creating business continuity plans.  The charge requires coordination between the company and IT departments to put operations back on track.  In this vein, the Boy Scout motto has never been more applicable:  “Be prepared.”

Specifically, one of HR’s key roles in the event of a cyberattack will be breaking down key messages and protocols.  It is important to use language that everyone can understand, from the CEO to mail room clerks.  This will both keep things peaceful, and also serve as a compliance measure.

The HR Dive article highlighted a few key things for HR professionals to keep in mind should they find themselves in the midst of a cyberattack:

  1. Have a Plan B.  Companies should be prepared with backups and redundancies, and think as if a worst-case scenario is inevitable.  HR Dive gave the example of cloud-based storage.  Companies that rely on the cloud could, and should, make weekly backups and archives of key data, such as payroll information.
  2. Know how you’ll inform employees in advance.  With retirement plan cyberattacks comes chaos.  Therefore, it’s important to understand well before an attack occurs how to answer the questions of what data is impacted and what an organization’s obligations are in terms of reporting those impacts.  HR Dive noted HR departments should:
    • Determine the triggering event
    • Know the post-attack window in which they are obligated to inform employees, and if only affected employees, or all, must be notified
    • Know whether or not it’s necessary to contact a government entity
    • Understand the cybersecurity rules in their state, and the rules that apply with respect to remote workers in other states
  3. Triage the situation and go from there.  HR teams should determine how sensitive the data is that was hacked, and how much was compromised.  A response plan is critical, including offering employees defensive services, such as free auditing if Social Security numbers were stolen, or hiring forensics teams to investigate the breach.  HR departments are vital in, as HR Dive put it, helping employees “pick up the pieces”.  Cybersecurity in employer-sponsored retirement plans is another component to keep in mind, especially with the volume of sensitive employee data involved.
  4. Remain level-headed.  HR professionals should be prepared to manage employees’ emotional responses to a cyberattack. It’s vital to be clear and transparent in times of crisis, and also, it’s okay to not have all the answers and let employees know that.

Cybersecurity conversations should be catalysts for lasting change.  Today’s environment is a reminder that retirement plan cyberattacks need to be top of mind for HR and IT teams.

Steff Chalk

Steff Chalk

Managing Editor at 401kTV
Steff C. Chalk is Executive Director of The Retirement Advisor University, a collaboration with UCLA Anderson School of Management Executive Education. Steff also serves as Executive Director of The Plan Sponsor University and is current faculty of The Retirement Adviser University.
Steff Chalk

Check Also

Health Savings Education

Student Loan Forgiveness Helps Employees and Employers

Student loan forgiveness sounds too good to be true.  But, what does student loan forgiveness mean for employers?  It could be good news for employer benefit programs, and financial wellness.  In any case, it’s likely to prompt employers to consider ...