5 Tips for Hiring a Service Provider for Top Cybersecurity If You're a TPA

If you are a TPA  managing sensitive financial information, cybersecurity should be at the top of your priority list. We live in a world of growing cybersecurity risk and constantly changing compliance regulations. Working with an IT company that can provide best-in-class cybersecurity is vital to your security and success.

The Employee Benefits and Security Administration (EBSA) released the following cybersecurity best practices for TPAs. With these best practices in hand, you may wonder where to go from here. 

First on your list should be hiring a qualified service provider that meets the cybersecurity needs of your TPA firm. To help you vet your current or future IT company, the Employee Benefits and Security Administration recently released official tips for hiring a service provider with strong cybersecurity practices to aid in this process. Let’s break down what these recommendations include. 

5 Tips for Hiring a Service Provider as a TPA 

1. Ask if the provider currently works or previously worked with a TPA. Have they dealt with security breaches? How did they handle it, and what was the outcome? This will indicate experience with recommended compliance and best practices.

This should include evaluating the service provider’s track record in the industry, including public information regarding information security incidents, other litigation, and legal proceedings related to vendors’ services. 

2. Before signing a contract, ask the service provider to define how they’ll maintain the current official cybersecurity guidelines. Be sure they are aware and up-to-date on current EBSA guidelines. 
3. Does the service provider have insurance? What will insurance cover in the event of a breach? 
4. What are the service provider’s information security standards, practices, policies, and audit results? Compare this information to industry standards adopted by other financial institutions. Is there any third-party validation that their policies and procedures are being followed? Look for third-party attested certifications like MSP Verify and SOC 2 Type II.
5. How will security practices be implemented and validated? Include the right to review audit results – demonstrating compliance with defined standards in your contract. 

From a personal perspective, we recently talked more about online security tips for managing your retirement accounts on our blog, which includes official recommendations from the Employee Benefits Security Administration for reducing fraud and loss to your accounts.  

If you are a TPA considering the next steps in proactive cybersecurity measures, get in touch with PK Tech.