Cybersecurity & Fraud Resources
Plan sponsors, in addition to working with their recordkeeper, can better understand how they protect their employees by taking advantage of some of these free resources.
These resources, offered by the Cybersecurity and Infrastructure Security Agency (CISA) and other organizations, can help plan sponsors reduce exposure to various threats, learn about industry best practices, and get information about how to respond in the event of an incident. As the cybersecurity space evolves, plan sponsors should be aware that they could be held liable if they do not follow prudent processes to safeguard plan data¹.
Below are links to various agencies grouped by topic. If you have any questions, please work with your recordkeeper for further assistance.
Free Security Testing:
CISA Cyber Resource Hub: CISA (part of the Department of Homeland Security) offers a variety of free assessments such as:
- Vulnerability scanning
- Phishing campaign assessments
- Risk and Vulnerability Assessments
- Cyber Resilience Review
- Remote Penetration Testing
- Web Application Scanning
Report an Incident / Incident Response Help:
Fraud Information & Current Threats:
Relevant Government Agencies:
Tips, Recommendations & Best Practices:
NSA’s Top Ten Cybersecurity Mitigation Strategies
CISA Cyber Essentials
FS-ISAC Working from Home Security Tip
Guidelines to Communicate Penetration Test Results (4-2020)
Industry Best Practice Data Security Reporting (September 2017)
FAQs for Cyber Security Best Practices
1. Lee Barney (2019, November 22). Retirement Plan Sponsors Need Strong Cybersecurity Defenses.