Information Security and Retirement Plans
Recently, a financial consultant sent us a very detailed questionnaire for a mutual client’s retirement plan audit. We were asked to describe our IT systems backup and disaster recovery procedures and how rapidly they can be activated. They wanted to know about our policies and procedures concerning data encryption and the technical measures in place to prevent unauthorized system access that could result in alteration, fraud, theft, misuse or physical damage to hardware, software, communications networks, and data.
FSTC maintains a Disaster Recovery Plan (DRP) addressing both non-systems-related and data processing systems to ensure business resiliency. A separate IT Discovery Plan (ITDRP) is also established to address IT risks associated with our systems. Our Technology & Hosting Support Team at Fi-tek has adopted and implemented requirements, solutions, and procedures to protect our client information and data. We recently completed another successful disaster recovery test. This test takes place twice a year.
Now more than ever, we need to practice security measures in everything we do, regardless of whether we work at the office or remotely. As a provider of trust, custody, and paying agent services to clients that maintain qualified retirement plans, FSTC has an obligation to ensure proper information security measures are in place to protect our clients’ data and mitigate cybersecurity risks. We take our fiduciary responsibility very seriously and have established a strong set of operational policies and procedures to ensure that client data is handled securely.
We also protect our client data when interacting with third parties. Any attempt or request from a third party that is not pre-authorized to access the client’s data would trigger FSTC to obtain authorization directly from our client or an authorized signer for the plan prior to disclosing any information or granting system access.
Based on industry surveys and reports, 2 out of 3 security breaches result from human error, as employees are often targets of phishing and are the weakest link. Our cybersecurity awareness program educates all employees on how to recognize phishing, how to prevent cyber-related incidents, and how to respond to a potential threat. Another key training topic is identity theft, which is a leading cause of fraudulent distributions. In addition to checking authorized signers, we do callbacks for all distributions of cash to make sure they are valid and accurate.
This year we enacted Two-Factor Authentication (2FA) for client web access, which improves security by sending a 6-digit passcode to either a mobile number or a landline telephone to verify the user’s identity and prevent unauthorized access.
Information security and the protection of clients’ data are of the utmost importance to us and an ongoing process at FSTC.
For more information, please feel free to contact me:
Angela O’Donnell, CRPP™
Phone: (302) 573-5832 / Email: email@example.com
The views expressed in these posts are those of FSTC and are not intended as advice or recommendations. For informational purposes only. FSTC does not offer tax or legal advice; professional counsel should be sought for tax or legal advice.