Protecting Your Retirement Savings Online

John Iekel 

Cybersecurity—and its importance to retirement plans and savings—being top of mind, Assistant Secretary of Labor Lisa M. Gomez has some suggestions on reducing the risk of fraud or loss to your retirement account.

Register, set up, and regularly monitor an online account. 

Regularly checking a retirement account:

• reduces the risk of fraudulent account access; and 
• makes it possible to identify and follow up on suspicious activity quickly. 

Failing to register may allow cyber criminals to assume one’s online identity.

Use a strong and unique account password. 

When creating an online retirement account, avoid using: 

• dictionary words; and
• sharing, reusing, or repeating passwords

Instead:

• use letters, numbers, special characters, and 14 or more characters; and 
• update a password regularly.

Use multi-factor authentication.

Logging into an account may require more than just a username and password. Multi-factor authentication may be cumbersome; however, it is very effective in preventing unauthorized access.

Identity verification can be accomplished by:

• using a fingerprint;
• entering an email; or 
• text code. 

Keep personal information up to date. 

• Updating contact information whenever it changes and providing multiple communication options allows one to be reached if there is a problem. 

Keep track. 

The following can be helpful: 

• Keep track of accounts.
• Sign up for activity reports.
• Close unused accounts. 

Free Wi-Fi isn’t always free. 

It is best to not use a public Wi-Fi network when checking on a retirement account. This is because criminals can access public WiFi networks. Using a cell phone and a home network is more secure. 

Don’t fall victim to phishing scams. 

Generally, phishing attacks target passwords, account numbers, and sensitive information. Beware of: 

• phishing messages that may appear to be from a trusted organization;
• an unexpected text message or email;
• spelling errors; and 
• poor grammar.

Install antivirus software.

Use trustworthy antivirus software.

Keep apps and software up to date. 

Keep software and apps software updated with the latest patches and upgrades; outdated apps and software can pose a security risk. 

Know how to report identity theft and cybersecurity breaches. 

Victims of a cybersecurity attack can contact the FBI or the Department of Homeland Security to file a report. Two places at which to do so are:

• https://www.fbi.gov/file-repository/cyber-incident-reporting-united-message-final.pdf/view 
• https://www.cisa.gov/report

Gomez reminds that plan fiduciaries have a responsibility to protect a plan against cybersecurity risks. This includes, she says, ensuring that recordkeepers and other service providers responsible also safeguard information. 

Finding out More 

More information is available from the U.S. Department of Labor on how to protect plan accounts from cybersecurity threats here:  https://www.dol.gov/agencies/ebsa/key-topics/retirement-benefits/cybersecurity 

Editor’s Note: The Assistant Secretary also appeared recently before the Plan Sponsor Council of America’s national conference where she also suggested that plan sponsors should consider having cyber-liability insurance. Gomez stressed that many employers assume that since the company has cyber liability insurance, they would be covered in a breach. But in many cases, the fine print in the policy notes that it applies only to the company and not the company in its capacity as a plan sponsor—something not obvious to most, she explained.