Consolidation Corner

Cybersecurity Meets Retirement Security

Posted by Mike Goode on Jul 10, 2017 3:13:41 PM


Everyone, it seems, is concerned about cybersecurity these days, and with good reason. Each week seems to bring a new round of headlines, making it clear that identity theft and criminal cyber activity have become persistent features of our lives. 


The victims of cyber-crime can be wide-ranging, including governments, industry sectors, corporations of all sizes and individuals. The sources of cyber threats are equally diverse, originating from rogue nation-states, crime cartels, “lone wolf” hackers and even disgruntled employees.


As individuals, we know how important it is to protect our privacy. If we haven’t personally been the victim of identity theft or had sensitive data exposed in a major corporate data breach, the odds are that someone close to us has. 


Institutions at all levels that are threatened by cyber-crime devote significant resources to hardening and continually evaluating their security. For example, it’s now common practice to employ “white-hat” hackers who perform penetration testing to identify vulnerabilities so they can be fixed before being exploited by the “black-hats” or bad guys. The lessons learned from these exercises are invaluable and help institutions enhance the security of their information systems.


Cybersecurity in the Retirement Services Industry

With trillions of dollars in assets to safeguard, the retirement services industry is now intensely focused on the issue of cybersecurity. It’s a challenge, because retirement savings plans will likely use and share their data with multiple third parties, including recordkeepers, third-party administrators, asset managers, advisors and other providers – all of whom may have access to sensitive participant, beneficiary and employer information.


Recently, the Department of Labor’s ERISA Advisory Council, as well as other industry organizations such as SPARK, have begun to provide leadership in establishing cybersecurity standards for workplace benefits plans.


Cyber Safety Tips for Retirement Plan Participants

What can retirement plan participants do to protect their retirement savings? 



Topics: Security

Don’t forget about your service provider’s internal security

Posted by Mike Goode on Dec 10, 2015 8:53:38 AM


With attention-grabbing headlines about major security breaches occurring almost daily, plan sponsors need to be assured that their service providers are on guard 24-7, protecting sensitive information and intellectual property, wherever it may reside.


One sign that a service provider has a strong commitment to security and controls is SOC certification, which results from successful Service Organization Controls (SOC) examinations. SOC examinations are conducted in accordance with attestation standards established by the American Institute of CPAs (AICPA), and are designed to provide comfort that a service organization meets key security principles, validated through an independent service audit.


Protect Sensitive Information, In Whatever State It Resides


It’s important to understand that sensitive information and intellectual property don’t just reside on a storage device or on a piece of paper. They can also be at rest or on the move, and it’s critical for a service provider to understand the various states in which they reside, and to formulate protective measures for each of those states, including:


  • In use: Actions such as copying data to a storage device or printing it
  • In motion: Network communications such as email, web traffic and instant messaging
  • At rest: Data stored in file shares or on users’ drives or devices


Kicking the Tires of Your Service Provider’s Internal Security


Once we understand the different states of data, we can formulate and implement specific protective security measures.


Here is an important (but by no means exhaustive) list of some of the internal measures we believe are critical for all service providers to adopt, and that we’ve taken care to effectively implement throughout our organization.



Topics: Security

SOC Examinations Designed To Provide Comfort

Posted by Mike Goode on Jul 16, 2015 4:23:00 PM


Gaining Comfort That an External Plan Service Provider Has Adequate Security and Controls

Say you’re a plan sponsor, and you’re using (or seeking to use) external services for:


Question: What gold-standard certification is going to give you comfort that your provider-of-choice meets the highest standards of excellence for transactional controls, security, availability, confidentiality and privacy? 


Answer: Service Organization Controls (SOC) examinations. SOC examinations are conducted in accordance with attestation standards established by the American Institute of CPAs (AICPA), and are designed to provide comfort that service organizations meet the key principles identified above, through an independent service audit. A “system” is broadly defined: it comprises the infrastructure, people, procedures and data used to complete the services provided, and encompasses information and asset security.


Topics: Security
