Lineage Secure consultants presented a cybersecurity briefing at the Federated City Employees Retirement System Board meeting, telling trustees that public pension funds are high‑value targets and urging them to adopt governance practices that reduce the risk of data breaches and financial fraud.
Peter Dewer, president of Lineage Secure, and Jake Long, who previously worked on the PensionGold platform, outlined common attack vectors such as social engineering and business‑email compromise and explained that attackers increasingly use AI and automation to craft convincing messages. They said attackers study public materials — including board minutes, strategic plans and trustee contact information — to craft targeted attacks.
The presenters recommended a trustee‑level focus on governance: adopt a recognized cybersecurity framework (for example, NIST’s Cybersecurity Framework), require regular role‑based staff training and phishing simulations, conduct tabletop incident‑response exercises and verify third‑party vendor controls through SOC reports and contractual requirements. They noted that multi‑factor authentication (MFA) reduces risk but is not a panacea — identity management and checks on high‑value transactions are essential.
The presenters also discussed ransomware risk and recovery options such as immutable backups and air‑gapped recovery environments. They advised testing incident response plans so that staff understand responsibilities and reporting lines before a real incident occurs. Trustees asked about specific controls for fund operations (for example, protecting capital‑call and payment flows) and whether the city’s centralized IT arrangement and insurance coverage are sufficient; presenters recommended clarifying responsibilities in an MOU with the city and keeping proof of vendor controls up to date.
Why this matters: Pension plans hold sensitive member records and execute high‑value financial transactions. Trustee oversight of cybersecurity practices — including asking the right questions of staff and vendors and requiring tested incident‑response plans — reduces the likelihood of successful fraud or data breaches.
Board next steps: Trustees asked staff to consider tabletop exercises that include city IT and vendor participation, to review vendor SOC reports and contract language and to revisit training cadence and reporting to the board.