With so much of benefit administration being electronic it should come as no surprise that cybersecurity continues to be an issue. In 2021 the Employee Benefits Security Administration (EBSA) issued guidance to assist plan sponsors, fiduciaries, service providers and participants to safeguard plan data, personal information and plan assets. In Compliance Assistance Release 2024-01 EBSA confirms that guidance generally applies to all employee benefits, including health and welfare plans.
The guidance released in 2021 consists of three areas:
- Tips for Hiring a Service Provider.
- Cybersecurity Program Best Practices.
- Online Security Tips
EBSA updated all three areas to specify that plan participants, employers, plan sponsors and fiduciaries of both retirement and health plans should follow the guidance and have strong cybersecurity practices.
As plan sponsors and fiduciaries assess and update their cybersecurity practices, they want to keep in mind the cybersecurity practices and strategies of service providers and select service providers with strong cybersecurity practices.
The information contained in this Benefit Beat is not intended to be legal, accounting, or other professional advice, nor are these comments directed to specific situations. This information is provided as general guidance and may be affected by changes in law or regulation. This information is not intended to replace or substitute for accounting or other professional advice. You must consult your own attorney or tax advisor for assistance in specific situations. This information is provided as-is, with no warranties of any kind. CBIZ shall not be liable for any damages whatsoever in connection with its use and assumes no obligation to inform the reader of any changes in laws or other factors that could affect the information contained herein.
© Copyright CBIZ, Inc. All rights reserved. Use of the material contained herein without the express written consent of the firms is prohibited by law. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein. Material contained in this publication is informational and promotional in nature and not intended to be specific financial, tax or consulting advice. Readers are advised to seek professional consultation regarding circumstances affecting their organization.
“CBIZ” is the brand name under which CBIZ CPAs P.C. and CBIZ, Inc. and its subsidiaries, including CBIZ Advisors, LLC, provide professional services. CBIZ CPAs P.C. and CBIZ, Inc. (and its subsidiaries) practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations, and professional standards. CBIZ CPAs P.C. is a licensed independent CPA firm that provides attest services to its clients. CBIZ, Inc. and its subsidiary entities provide tax, advisory, and consulting services to their clients. CBIZ, Inc. and its subsidiary entities are not licensed CPA firms and, therefore, cannot provide attest services.