Trillions of dollars are held in US retirement accounts, according to the Investment Company Institute. This tremendous value in assets is a tempting target for those seeking to compromise personal data or gain access to these accounts. And with plan participants becoming increasingly reliant on mobile apps and online platforms to access and monitor their retirement funds, it seems that more cyberattacks on retirement plans are inevitable in our digital world. Plan sponsors and their fiduciaries should consider taking proactive steps to protect their participants and their plan assets. We review retirement plans cybersecurity best practices that plan sponsors should consider to adhere to safeguard against cyberattacks.
Preventative Measures Against Common Cyberattacks
Cyber risks have become a more significant issue in the retirement space in recent years. With many plans using multiple service providers that share large amounts of data, vulnerabilities are evident, and risks are prevalent. Both plan assets and personally identifiable information (PII) are at risk. While completely eliminating these risks is impossible, managing these risks is achievable and is essential to not only following ERISA prudence standards, but simply in serving the best interests of plan participants as well. It is important to remember that managing your cybersecurity is an ongoing process and it should not be rushed. Below, we review key preventative measures against common cyberattacks.
Ongoing Plan Sponsor Concerns
Managing a thoughtful retirement plan while trying to keep up with the ever-changing legal and regulatory environment can be challenging. Often, concerns over managing a retirement plan can vary, and plan sponsors are unsure of what needs to be addressed. Below, we review five ongoing plan sponsor concerns that sponsors should keep in mind to guarantee they have an effective retirement plan in place not only to ensure the retirement readiness of their employees, but to avoid liability should an audit occur.
Implementing Cybersecurity Best Practices for Plan Participants
Cybersecurity has become a prevalent concern in the retirement industry. In part because the Employee Retirement Income Security Act (ERISA) holds no fiduciary functions in managing cybersecurity risk, the retirement industry is in target for cyber-attacks. Surprisingly, many plan breaches are not all due to third-party attackers; rather, it can stem from the misconduct by employees (e.g. falling for a phishing scheme, having an easy password, etc.). Thus, while it is important for plan sponsors and providers to understand the risks of cyber-attacks, plan participants should also be educated on these risks along with cybersecurity best practices.
Cybersecurity: Are Your Plan Participants Protected
Advancements in technology have now made it possible to instantly and conveniently access online accounts to retrieve personal information, such as retirement plan savings data. As smartphones and other devices make it easier to obtain electronic documents, plan participants expect to have instant access to their retirement plan records. Yet, security is paramount in this new era, and retirement plan cybersecurity is especially vital. Any electronic recordkeeping today raises cybersecurity concerns and presents new risks for plan sponsors and their participants. It is no longer an issue of if a problem may arise, but likely when it will arise. Learn the risks as well as pertinent precautionary measures on how to protect your plan participants.