Sharrard McGee & Co., PA Audit Manager Starla Hughes reports from the second day of the AICPA Employee Benefit Plans Conference in Las Vegas that "Cybersecurity is a huge buzzword today. Plan sponsors should be aware that plans have a lot of information at risk - social security numbers, birthdates, addresses, and, in the case of receiving electronic distribution payments, bank account information for their participants. Electronic information is flowing from the Plan Sponsor out to payroll providers, recordkeepers, third-party administrators and others.
Here are just a couple of tips discussed in one of the sessions:
- If you have a cybersecurity policy check to see if it covers the Employee Benefit Plans.
- Ask your service providers if they have a SOC for Cybersecurity. This would detail their internal controls over the information they gather & disseminate.
- All Plan Sponsors should review their internal controls & come up with a plan to protect & deal with any security breaches.
As our speaker said, ‘It’s not a matter of IF but WHEN you will be attacked.’”