How Secure is 401k Money and Data?


Hackers gonna hack.

It seems that most employees and plan participants “think” their retirement money and data are not at risk. This is, in part, because:

But are retirement plans really at risk? And if so, why? Following are some helpful hints and practical advice to reduce such risks, some of which are tips plan sponsors can share with retirement plan participants.

Are qualified retirement plans really at risk?

Absolutely. As is the case with all organizations and individuals, everyone is exposed to security risks and fraud. However, there are unique characteristics that make retirement plans attractive targets. For example:

What kind of information (and assets) “precisely” is at risk?

Retirement plans are particularly at risk for cybersecurity incidents because of the nature of the data maintained in connection with employer and third-party administrator (TPA) intranets and websites. For example, the electronic data maintained by employers and TPAs includes:

Examples of cyber threats to retirement plans include plans and service providers subject to fraudulent transfers of participant plan assets, through either fraudulent distribution or fraudulent loan requests; ransomware attacks; and phishing techniques in which a hacker may obtain login credentials (through a stolen laptop or mobile device storing personal data and misplaced passwords) to access online participant account information.

Note that while the information included in retirement plans is protected under a myriad of laws and regulations, there is currently no comprehensive regulation that protects retirement plans and service providers from cyber threats. In previous posts from February 2017 and November 2016 on our blog Password Protected, there is a discussion of whether ERISA applies to cybersecurity and the 2016 ERISA Advisory Council Report on Benefit Plan Cybersecurity.

Remember that while few incidents of cybersecurity attacks against retirement plans have been publicized, it is only a matter of time before a major attack occurs. Cybersecurity criminals are becoming more sophisticated every day; be prepared.

What steps should be taken to safeguard retirement plan assets and information?

Plan sponsors should consider:

Maria P. Rasmussen is senior counsel with Richmond, Va.-based McGuireWoods LLP. This article was originally published on the firm’s blog Password Protected on July 9, 2018.
