Cybersecurity & Fraud Resources

In addition to working with their recordkeeper, plan sponsors can take advantage of some of these free resources to better understand how they protect their employees.

These resources, offered by the Cybersecurity and Infrastructure Security Agency (CISA) and other organizations, can help plan sponsors reduce exposure to various threats, learn about industry best practices, and get information about how to respond in the event of an incident. As the cybersecurity space evolves, plan sponsors should be aware that they could be held liable if they do not follow prudent processes to safeguard plan data¹.

Below are links to various agencies grouped by topic. If you have any questions, please work with your recordkeeper for further assistance.

Free Security Testing:

CISA Cyber Resource Hub: CISA (part of the Department of Homeland Security) offers a variety of free assessments such as:

  • Vulnerability scanning
  • Phishing campaign assessments
  • Risk and Vulnerability Assessments
  • Cyber Resilience Review
  • Remote Penetration Testing
  • Web Application Scanning

Report an Incident / Incident Response Help:

FBI – File a Complaint with the IC3
U.S. Secret Service – Contact
CISA – Report Incidents, Phishing, Malware, or Vulnerabilities
NIST – Responding to a Cyber Incident

Fraud Information & Current Threats:

FTC – Small Business Ransomware
SEC – Ransomware Alert (July 2020)
NIST – Cybersecurity Risks
FBI – Business Email Compromise
CISA – Social Engineering
FTC – Online Scams
DHS – Common Scams

Relevant Government Agencies:

Federal Trade Commission (FTC)
Federal Bureau of Investigation (FBI)
Department of Justice (DOJ)
Department of Homeland Security (DHS)
National Institute of Standards and Technology (NIST)

Cybersecurity Insurance:

CISA Cybersecurity Insurance
FTC Cyber Insurance

Tips, Recommendations & Best Practices:

NSA’s Top Ten Cybersecurity Mitigation Strategies
CISA Cyber Essentials
FS-ISAC Working from Home Security Tip
Guidelines to Communicate Penetration Test Results (4-2020)
Industry Best Practice Data Security Reporting (September 2017)
FAQs for Cyber Security Best Practices

1. Lee Barney (2019, November 22). Retirement Plan Sponsors Need Strong Cybersecurity Defenses.