John Hancock Retirement Plan Services (JHRPS) has formalized current practice, offering a Cybersecurity Guarantee to reimburse eligible participants for unauthorized transfers from their 401(k) retirement accounts.
John Hancock’s technology infrastructure is scalable and strengthened with multiple layers of security. Its multi-faceted approach to data security not only includes safeguards implemented within the business unit, but also security measures at the John Hancock and global Manulife levels. The company’s technology is consistent with the National Institute of Standards and Technology (NIST) guidelines, ISO 27001 principles, and other industry standard frameworks for information risk management.
“Retirement plan providers are technology companies,” says Tony Todisco, senior vice president, Information Technology & Delivery Management. “As technology and online threats become more sophisticated, we are committed to keeping pace with new ways to protect our clients’ and participants’ accounts. Our Cybersecurity Guarantee underscores the strength of that commitment.”
JHRPS also educates participants about prudent online security practices that could apply to anything they do on the Internet.
Retirement plan sponsors that take cybersecurity seriously are less likely to see their participants’ assets and personal information affected by a successful cyberattack, says Andrew Zito, AIF, executive vice president, retirement plan services, at LAMCO Advisory Services.
A 2016 ERISA Advisory Council report appendix suggests materials for plan sponsors, fiduciaries and service providers to utilize when developing a cybersecurity strategy and program.