Cyber fraud is a growing concern across the U.S. and around the world—and online platforms that are increasingly being used to house 401(k) accounts are, unfortunately, prime targets for data breaches and sophisticated fraud schemes.
In today’s environment, people are careful about keeping their bank account and email authentication information safe. However, they aren’t always as diligent with other personal information.
Your plan participants need to be vigilant with their retirement savings accounts and access information as well.
In the past year, we’ve seen a slew of cases of attempted fraud—some successful—against retirement savings plan participants across a multitude of recordkeepers. While virtually all recordkeepers view security as a top priority and update their technology regularly, their security can only go so far if the participant isn’t being equally vigilant.
It’s important to educate your plan participants on the following tips to ensure the security of their retirement savings accounts:
- Use all available levels of authentication. If your plan’s recordkeeper comes out with a new type of authentication, your participants should implement it immediately.
- Reset passwords when other online accounts are compromised. If participants frequent a website or have an account with a company whose website and information have been compromised, they should change all of their passwords for all online accounts.
- Create strong passwords. Participants should use a mix of letters, capitalization, numbers, and symbols when creating their passwords. They should avoid recognizable words and be careful not to use the same password for multiple purposes. Each password should also be at least 14 characters in length and be changed frequently. Using a password manager can make this task a little less daunting.
- Don’t send authentication information to any third parties. Remind participants to enter authentication information only on sites they have navigated to independently, rather than through a link or other prompt.
- Check your account(s) frequently and address any irregularities. As a plan sponsor, you should keep an eye on your participants’ accounts for any inconsistencies. Remind your participants to monitor their accounts as well.
- Contact your plan sponsor if any suspicious notifications about the plan are received. Ask participants to immediately contact you if they receive any unexpected or suspicious-looking “updates” on their account, so you can notify your recordkeeper and quickly address any concerns.
For more information on keeping your plan assets safe from a cyberattack, please reach out to Curi Capital’s Retirement Plan Solutions team at 984-202-2800.