No individual, organization or industry is immune from cyber-attacks. Attackers specifically target organizations with access to highly sensitive information, like plan sponsors of benefit plans or service providers. The operation and administration of benefits plans requires collecting, processing and storing data assets among multiple parties. To minimize risks, one must understand the types of data, data flows, control points and the responsibilities of each party involved. Come to this session to:
• Distinguish plan sponsor cybersecurity concerns and responsibilities under ERISA;
• Identify the Department of Labor’s Cybersecurity Considerations for Benefit Plans report and how to use this report in evaluating plan controls and safeguards;
• Recognize auditors’ roles and responsibilities when auditing an employee benefit plan.
CPA, CGMA, CITP,
Partner, National SOC & WebTrust Leader,
BDO USA, LLP