Retirement Plan Access & Fraud Prevention Considerations

As a significant investment for many Americans, retirement plan assets are an attractive target for cyber hackers globally. In today’s highly digitized, online environment, there are ample opportunities for cyber crooks. Plan participants need to take common-sense measures to safeguard their accounts. Plan sponsors now face the dual challenge of providing online access to participants’ retirement plans while keeping their information secure. Implementing and maintaining a proactive cybersecurity strategy is key for both parties.

Effective cybersecurity needs to consider the possibility of security breaches from multiple vantage points, including:

  • Suspicious call center activity – Criminals call into retirement plan call centers impersonating participants to access accounts.
  • Employees – An unintentional action such as misplacing a laptop, accessing client data through an unsecured internet connection, opening email messages, or downloading attachments can lead to a cybersecurity breach.
  • Plan participants – Participants can inadvertently cause a breach that could potentially damage their retirement plan account.

A few examples of a potential cyberattack on a retirement account at a participant level include:

  • Phishing – A criminal masquerades as a bank or institution that the victim has a relationship with to solicit personal data from them via email.
  • Malware – A cyber crook accesses personal data through malicious software that the participant may not have protections against.
  • Ransomware – Criminals collect information about their victims and withhold access to a computer system or account until the victim pays a sum of money.

Participants Can Help Thwart Potential Hackers

Retirement plan participants also have an active role to play in safeguarding their retirement accounts. Encourage participants to:

  • Monitor retirement accounts – Check their retirement accounts regularly and immediately report any suspicious activity.
  • Protect passwords – Use strong passwords that are different from the passwords used on other sites and include letters, numbers, and special characters. Avoid sharing passwords and change a password at least every 90 days.
  • Access account information wisely – Don’t access financial accounts on public Wi-Fi and don’t use public computers to check accounts.
  • Not respond to suspicious emails or phishing and never open or download suspicious attachments.
  • Protect against malware by installing a security suite or program that includes antivirus, antispam, and malware protection.
  • Ensure that the answers set up for online security questions are not composed of publicly available information such as a birth date, child’s first name, or anything readily available on social media.

Cybersecurity Tips For Plan Sponsors

As a Plan Sponsor, adopting best practices to safeguard retirement plan accounts in this challenging cyber landscape is key. When reviewing your company’s cybersecurity plan, consider the following factors:

  • Rights and controls – What policies and procedures does your company have in place to prevent unauthorized access to systems or information?
  • Internal controls – May include controlling physical access to assets and facilities, tightening employee access to client information, and effectively using complex passwords, firewalls, and antivirus software.
  • External controls – May include automatic encryption of all data in transit to and from each firm with which data is shared.
  • Participant verification – How does your company verify the authenticity of a participant’s request to transfer funds or conduct other transactions?
  • Incident response – What are the firm’s policies and procedures related to a cybersecurity incident response? Ensure there are efficient mechanisms in place to deliver a timely response and critical communications related to any detected cybersecurity threat or incident.
  • Service provider safeguards – Review and understand the cybersecurity processes that service providers have implemented. These processes can range from multi-factor authentication to process flows and fraud detection.

Every day, cybersecurity grows more complicated as hackers evolve and refine ways to acquire private information criminally. Your local ABG representative is available to you as a resource for any questions you may have on this growing cybersecurity issue.