To print this article, all you need is to be registered or login on Mondaq.com. Recommendations made to plan sponsors and administrators include: Asking vendors what security practices they use and how those measures are validated; Determining the type and scope of vendors' cyber insurance; Putting a formal cybersecurity program in place and conduct annual risk assessments; Using security measures like encryption, and conducting periodic training; Giving users information about common risks, like free WiFi or improper password hygiene. These guidelines provide clarity on how EBSA will interpret regulations on electronic recordkeeping, (which require plan administrators to put in place reasonable