Cybersecurity progress report: Best practices are in the works

September 8, 2022

TECH NEWS

BeneSys is on track to meet the Department of Labor cybersecurity guidance for ERISA plan sponsors and fiduciaries by the end of 2023. The guidance, issued in April 2021, comprises a number of best practices. Here's how we're doing on four of them:

• Have a formal, well-documented cybersecurity program. The BeneSys team is in the process of rewriting a set of 23 IT security policies. This is a large undertaking involving multiple departments, including legal, to ensure the policies are complete and accurate.

• Conduct prudent annual risk assessments. Vendor selection is underway for our annual external security penetration test.

• Conduct periodic cybersecurity awareness training. Each quarter, all BeneSys employees receive cybersecurity awareness training and email phishing tests. Anyone who fails the phishing test is given additional training.

• Have an effective business resiliency program addressing business continuity, disaster recovery and incident response. With help from security firm Secureworks, we recently finished writing an extensive incident response plan, which is undergoing internal and legal approvals.

BeneSys is committed to securely handling plan and Participant information. If you have any questions about our cybersecurity program, please ask your plan manager.

BUSINESS DEVELOPMENT

Thomas Lally: 401-378-1299

thomas.lally@benesys.com
