Cybersecurity & Fraud Resources
Plan sponsors, in addition to working with their recordkeeper, can better understand how they protect their employees by taking advantage of some of these free resources.
These resources, offered by SPARK, the Cybersecurity and Infrastructure Agency (CISA) and other organizations, can help plan sponsors reduce exposure to various threats, learn about industry best practices, and get information about how to respond in the event of an incident. As the cybersecurity space evolves, plan sponsors should be aware that they could be held liable if they do not follow prudent processes to safeguard plan data¹.
Below are links to various agencies grouped by topic. If you have any questions, please work with your recordkeeper for further assistance.
SPARK Best Practices & Standards:
Industry Best Practices – Fraud Controls Release 1.0 (July 21, 2021)
Industry Best Practices – Communicating Penetration Testing Results (April, 2020)
Industry Best Practices – Data Security FAQs
Industry Best Practices – Security Breach and Cyber Fraud Definitions (April, 2019)
Industry Best Practices – Data Security Reporting (September, 2017)
Watch Sessions from Cybersecurity for Retirement Professionals Event:
The 2020 Cybersecurity for Retirement Professionals event, hosted by Charles Schwab Trust Bank, CSN (Cybercrime Support Network) and SPARK, brought presenters from many organizations to provide resources to help identify, prevent and respond to cyber threats in the retirement industry. Members can re-watch sessions from our all-virtual event.
Free Security Testing:
CISA Cyber Resource Hub: CISA (part of the Department of Homeland Security) offers a variety of free assessments such as:
- Vulnerability Scanning
- Phishing Campaign Assessments
- Risk and Vulnerability Assessments
- Cyber Resilience Review
- Remote Penetration Testing
- Web Application Scanning
Report an Incident / Incident Response Help:
Fraud Information & Current Threats:
Relevant Government Agencies:
Tips, Recommendations & Best Practices:
1. Lee Barney (2019, November 22). Retirement Plan Sponsors Need Strong Cybersecurity Defenses.