3 Tips for Better 401k Plan Cybersecurity

cybersecurity, retirement, 401kHere's how to protect participants.

Everyone, it seems, is concerned about cybersecurity, and with good reason. Each week seems to bring a new round of headlines, making it clear that identity theft and criminal cyber activity have become persistent features of our lives.

The victims of cyber-crime can be wide-ranging, including governments, industry sectors, corporations of all sizes and individuals. The sources of cyber threats are equally diverse, originating from rogue nation-states, crime cartels, “lone wolf” hackers and even disgruntled employees.

As individuals, we know how important it is to protect our privacy. If we haven’t personally been the victim of identity theft or had sensitive data exposed in a major corporate data breach, the odds are that someone close to us has.

Institutions at all levels who are threatened by cyber-crime devote significant resources to hardening and continually evaluating their security.

For example, it’s now common practice to employ “white-hat” hackers who perform penetration testing to identify vulnerabilities so they can be fixed before being exploited by the “black-hats” or bad guys. The lessons learned from these exercises are invaluable and help institutions enhance the security of their information systems.

Cybersecurity in the Retirement Services Industry

With trillions of dollars in assets to safeguard, the retirement services industry is now intensely focused on the issue of cybersecurity.

It’s a challenge because retirement savings plans will likely use and share their data with multiple third parties, including record keepers, third party administrators, asset managers, advisors and other providers—all of whom may have access to sensitive participant, beneficiary and employer information.

Recently, the Department of Labor’s ERISA Advisory Council, as well as other industry organizations such as SPARK, have begun to provide leadership in establishing cyber security standards for workplace benefits plans.

Cyber Safety Tips for Retirement Plan Participants

What can retirement plan participants do to protect their retirement savings?

Tip No. 1:  Apply the online basics by using strong passwords and changing them frequently. Use two-factor authentication, if available, and prevent malware by using anti-virus software. Don’t click on, or otherwise respond to, untrusted communications (emails or texts) that ask for account information. Lastly, avoid accessing retirement savings accounts using shared computers or open WiFi networks

Tip No. 2:  Keep contact information up-to-date

In the event of a security breach at a services provider, it’s essential that participants be notified as soon as possible, in order to take action. If contact information is out-of-date, then the participant will be difficult to locate, costing valuable time, while the bad guys are putting the private information to work for them.

Tip No. 3:  Consolidate retirement savings at job change

Because participants change jobs often, many will wind up with multiple retirement savings accounts.  Believing that the consolidation process is a hassle, they will simply leave these accounts behind with a former employer.

This is risky from a cybersecurity perspective. Depending on the number of retirement savings accounts that a participant has, and how many service providers have access to their data, consolidating retirement savings can significantly reduce the odds of exposure to a data breach.

We strongly suggest that participants check with the HR department at their current employer and ask about consolidating their retirement savings. An added benefit of consolidation is that participants save time and money by managing their retirement savings in one place.

Mike Goode is Retirement Clearinghouse’s Chief Information Officer and oversees a staff of IT professionals who build, support and secure applications and technology infrastructure.

Be the first to comment on "3 Tips for Better 401k Plan Cybersecurity"

Leave a comment

Your email address will not be published.


*