Plan fiduciaries should consider third-party audits, multi-factor authentication, cyber insurance and more when developing a written cybersecurity policy.