In 2021, the U.S. Department of Labor (DOL) issued 3 documents outlining guidance on cybersecurity practices for benefits plans, which we discussed in a blog post at the time. The DOL recently issued revised versions of the original three documents in its Compliance Assistance Release No. 2024-01. The revised versions of these documents clarify that they apply not just to pension plans, but to health and welfare plans as well.  While the revised documents largely remain consistent with their initial versions, there were a few tweaks. In summary:

  • Tips for Hiring a Service Provider with Strong Cybersecurity Practices: Language was added advising that the negotiating party confirm specifically that applicable insurance policies would cover cyber breaches and incidents involving the plan.
  • Cybersecurity Program Best Practices: Additional detail was included on multi-factor authentication (MFA), including advising plans to deploy phishing-resistant Multi-Factor Authentication (MFA) if possible, implement MFA on internet-facing systems, and require MFA to access network areas with sensitive information. Moreover, a bullet was added encouraging notification of participants without unreasonable delay if their personal data is the subject of unauthorized acquisition.
  • Online Security Tips for Participants and Beneficiaries: Recommendations with respect to passwords or passphrases have been revised, including to encourage longer password or passphrases that may be reset less frequently (at least annually).

Proskauer Perspective
Cyber security concerns related to employee benefits plans continue to be a significant area of concern, and it is important that plan fiduciaries evaluate potential vulnerabilities and take steps to mitigate risk. This includes reviewing and improving upon the systems and practices of the plan sponsor and administrator as well as diligently monitoring the systems and practices of any plan vendors.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Katrina McCann Katrina McCann

Katrina E. McCann is a senior counsel in the Tax Department and a member of the Employee Benefits & Executive Compensation Group.

Katrina advises a diverse group of clients on a broad spectrum of employee benefits matters, including:

  • counseling clients with respect to

Katrina E. McCann is a senior counsel in the Tax Department and a member of the Employee Benefits & Executive Compensation Group.

Katrina advises a diverse group of clients on a broad spectrum of employee benefits matters, including:

  • counseling clients with respect to the design, drafting, implementation and ongoing qualification of their qualified plans in both the single and multi-employer context, including profit sharing, money purchase, 401(k), ESOP, and defined benefit plans;
  • providing counsel on the establishment, administration and continued legal compliance of health & welfare plans and programs;
  • advising tax-exempt organizations regarding their 403(b) plans and 457 arrangements;
  • creating and advising on non-qualified plans, including deferred compensation and supplemental employee retirement plans;
  • providing technical and practical advice on compliance with ERISA, the Internal Revenue Code, the Affordable Care Act, COBRA, HIPAA, and other laws affecting employee benefit plans, as well as issues concerning plan administration, qualification requirements, correction of plan document failures, fiduciary issues and prohibited transaction issues;
  • routinely working with clients and their service providers, advising on the RFP process, reviewing provider arrangements and collaborating to develop effective and compliant disclosures, government reporting forms and participant communications;
  • analyzing the employee benefits and executive compensation issues in connection with corporate transactions, advising on withdrawal liability matters and structuring benefit plans following a transaction and providing counsel with respect to all aspects of benefit plan mergers; and
  • advising both employers and senior executives in connection with various executive compensation matters, including the negotiation and drafting of equity plans and awards, employment agreements, severance agreements and other compensation arrangements.

Katrina is a member and former co-chair of Proskauer Women’s Alliance Steering Committee and serves on the Firm’s Reproductive Rights Steering Committee. She is also a Board member of Playwrights Horizons, an off-Broadway theater dedicated to the development of contemporary American playwrights and the production of innovative new work, and a Board member of the Axe-Houghton Foundation.

Prior to joining Proskauer, Katrina served as Special Assistant to the Mayor’s Office of Pension and Investments and was Special Assistant Corporation Counsel, Pensions Division, New York City Law Department. While in law school, Katrina was the Robert M. LaFollette/Keenan Peck Legal Fellow, serving in the offices of Senator Herb Kohl & the United States Senate Committee on the Judiciary.