Cybersecurity & Fraud Resources

Plan sponsors, in addition to working with their recordkeeper, can better understand how they protect their employees by taking advantage of some of these free resources.

These resources, offered by SPARK, the Cybersecurity and Infrastructure Security Agency (CISA) and other organizations, can help plan sponsors reduce exposure to various threats, learn about industry best practices, and get information about how to respond in the event of an incident. As the cybersecurity space evolves, plan sponsors should be aware that they could be held liable if they do not follow prudent processes to safeguard plan data¹.

Below are links to various agencies grouped by topic. If you have any questions, please work with your recordkeeper for further assistance.

SPARK Best Practices & Standards:

SPARK Data Security Industry Best Practice Standards Release 3.0 (January 30, 2024)
Plan Sponsor & Advisor Guide to Cybersecurity (November 11, 2022)
SPARK Data Security Industry Best Practice Standards Release 2.0 (August 30, 2022)
Industry Best Practices – Fraud Controls Release 1.0 (July 21, 2021)
SPARK Fraud Prevention Executive Summary (April 2020)
Industry Best Practices – Communicating Penetration Testing Results (April 2020)
Industry Best Practices – Data Security FAQs
Industry Best Practices – Security Breach and Cyber Fraud Definitions (April 2019)
Industry Best Practices – Data Security Reporting (September 2017)

Watch Sessions from Cybersecurity for Retirement Professionals Event:

The 2020 Cybersecurity for Retirement Professionals event, hosted by Charles Schwab Trust Bank, CSN (Cybercrime Support Network) and SPARK, brought presenters from many organizations to provide resources to help identify, prevent and respond to cyber threats in the retirement industry. Members can re-watch sessions from our all-virtual event.

Free Security Testing:

CISA Cyber Resource Hub: CISA (part of the Department of Homeland Security) offers a variety of free assessments such as:

  • Vulnerability Scanning
  • Phishing Campaign Assessments
  • Risk and Vulnerability Assessments
  • Cyber Resilience Review
  • Remote Penetration Testing
  • Web Application Scanning

Report an Incident / Incident Response Help:

FBI – File a Complaint with the IC3
U.S. Secret Service – Contact
CISA – Report Incidents, Phishing, Malware, or Vulnerabilities
NIST – Responding to a Cyber Incident

Fraud Information & Current Threats:

FTC – Small Business Ransomware
SEC – Ransomware Alert (July 2020)
NIST – Cybersecurity Risks
FBI – Business Email Compromise
CISA – Social Engineering
FTC – Online Scams
DHS – Common Scams

Relevant Government Agencies:

Federal Trade Commission (FTC)
Federal Bureau of Investigation (FBI)
Department of Justice (DOJ)
Department of Homeland Security (DHS)
National Institute of Standards and Technology (NIST)

Cybersecurity Insurance:

CISA Cybersecurity Insurance
FTC Cyber Insurance

Tips, Recommendations & Best Practices:

NSA’s Top Ten Cybersecurity Mitigation Strategies
CISA Cyber Essentials
FS-ISAC Working from Home Security Tip

1. Lee Barney (2019, November 22). Retirement Plan Sponsors Need Strong Cybersecurity Defenses.