Strong Unions Deserve Strong Security 

In this issue of CyberSecure, we’re leaning into a hard truth: Cybersecurity isn’t just an IT task anymore, it’s a leadership responsibility. 

The threats are growing, the regulations are tightening, and the Department of Labor has made one thing clear: if you’re involved in managing benefit plans, you’re also on the hook for protecting the data behind them.

You probably didn’t sign up for that. But if you’re reading this, you’ve already shouldered it.

When Change Healthcare went dark, you kept the wheels turning. You answered the phones. You worked through the mess. You did what union professionals always do: you showed up. Even though no one handed you a medal when it was over.

That story isn’t the focus of this issue, but it’s the backdrop. Because the real heart of this edition comes from the legal experts who lay out what’s required now: how fiduciary responsibility extends to cybersecurity, how to evaluate your vendors, and how to document the work you’re already doing so it holds up if you’re ever asked to prove it.

This isn’t about fear. It’s about clarity. It’s about knowing where you stand, what the law expects, and how to protect the people who count on you — your members.

So, we’ve included a new Cybersecurity Applicability Questionnaire to help you see exactly where your office stands and where it needs to go next. If you’ve been meaning to get started, now’s the time. This tool, along with the insights in this issue, can help you move from thinking about compliance to actually building it, one practical step at a time.

Because at the end of the day, this isn’t just about rules, it’s about responsibility. And no one is better suited to carry that than the people who already protect workers’ futures for a living. So, let’s keep going. Let’s keep getting stronger. And let’s

do it together.