With everything from pizza deliveries to multi-million-dollar deals being handled online, it should come as no surprise that hackers might target 401k plans.
However, security breaches don’t stop with an unknown party simply accessing participants’ personally identifiable information (PII).
Hacks also lead to unauthorized withdrawals of funds from 401k plans. So, what can be done to avoid a cyber attack on a 401k plan?
The following provides some best practices to avoid this type of costly breach.
Who is responsible for preventing a 401k-plan cyber attack?
Employers and plan administrators must meet the ERISA prudence standard. Plan fiduciaries are expected to act in the best interests of the participants. This includes acting with care, skill, and diligence like any other prudent person.
What can be done to improve cybersecurity?
To avoid a cyber attack, consider taking the following steps.
- Practice care in hiring third-party administrators (TPAs). Yes, you may have to hire TPAs, but make sure you carefully vet them. Your contract with a TPA should include provisions about developing and maintaining protection against cyber attacks.
- Know where the data is stored and who is authorized to use it. Even if you have hired people to handle digital storage of sensitive data, you are still responsible for safeguarding it. Only authorized people should be able to see the data. Also, make sure your 401k’s data is safely stored.
- Put security measures in place and maintain them. Make the safety of your digital data a top priority. Develop common-sense, up-to-date protocols and then enforce them.
- Train employees. Unless properly trained, employees may not realize the need to avoid a cyber attack. Divulging information and even passwords may not seem like a big deal unless the employees realize the consequences of doing so.
- Monitor systems regularly. If a hacker does enter your computer systems, how long will it take to recognize the leak and block it? Regular monitoring of data storage and security systems is crucial.
Anne Tyler Hall is owner and principal attorney of Hall Benefits Law.
Managing Partner at HBL