On April 14, 2021, the U.S. Department of Labor’s (DOL’s) Employee Benefits Security Administration (EBSA) finally issued first-ever guidance for plan sponsors, plan fiduciaries, record keepers and plan participants on best practices for maintaining cybersecurity to protect the retirement benefits of America’s workers under ERISA-subject private sector employer-sponsored retirement plans.

Background. The Employee Retirement Income Security Act of 1974 (ERISA) established minimum standards and requirements intended to protect plan participants and beneficiaries in private sector employer-sponsored retirement plans. However, since ERISA’s enactment, plan sponsors and their service providers have increasingly relied on the internet and IT systems to execute tasks required to administer these retirement plans. In addition, plan sponsors often outsource retirement plan administration, including record keeping and other services, to third-party service providers, thus increasing the potential opportunities for cyber thieves and other bad actors to gain unauthorized access to accounts, participants’ personally identifiable information (PII) and plan asset data.

Protecting plan assets and participants’ PII against cyber-attacks is a paramount issue for those involved with ensuring retirement security. (PII is any information that can be used to distinguish or trace an individual’s identity, such as name, date and place of birth, or Social Security Number, and other types of personal information that can be linked to an individual, such as medical, educational, financial and employment information.)