Cybersecurity and How to Deal with Data Breaches as a Plan Sponsor

Retirement funds are a target for cybersecurity attacks and identity fraud more than ever before.

For most people, their retirement account is one of their biggest assets and they rarely check it. This makes these accounts a prime target for cybercriminals. Data breaches with recordkeepers are common. Last month 1,833 Walmart participant 401(k) plans were leaked from a large financial institution’s data breach caused by a single employee making an isolated email error. The risk of incidents like this can be lessened with proper precautions. Even with the best precautions in place a data breach can still occur, and having an established response plan in place with your recordkeeper is key to minimizing the damages.

A meaningful precaution sponsors can take to prevent security breaches is participant education. Cybersecurity defense relies on everyone and educating plan participants about common scams and digital attacks prevents data leaks. Updates on the latest cybercriminal attack methods as a part of ongoing participant education can help ensure digital safety going forward. Additionally, plan sponsors should ensure that they work with record keepers that use technologies to secure participant accounts such as a two-factor authenticator application, requiring a photo ID upon login, or using advanced facial recognition software to flag suspicious login attempts.

Another precaution that could be taken is purchasing cybersecurity insurance. Plan sponsor considerations for this type of insurance include who is liable in the event of a breach, who is insured, how the plan will be purchased, and finally, what is covered.

Even with all of these precautions in place, it is still possible for a data breach to occur and plan sponsors need to have a plan established with their record keeper for cybersecurity attacks. When breaches occur, the first step for a plan sponsor is to work with IT to isolate compromised systems to make sure the entire database is not leaked. Once that happens, it’s important to determine what type of data was compromised. If customer private information is leaked, it’s important to prioritize the safety of their accounts. Increased surveillance of distributions in situations like these is key to ensuring that money is not being stolen. Finally, a communication plan should be crafted for customers who are affected in the event of a compromise.

By continuously updating security procedures and fostering a proactive approach to cybersecurity, plan sponsors can provide a strong defense against evolving threats. These efforts not only help prevent attacks but also establish confidence in plan participants regarding the protection of their digital assets. By staying prepared, the security of retirement funds can be effectively safeguarded, ensuring peace of mind for everyone involved.

Sources :
https://www.plansponsor.com/how-should-a-plan-sponsor-respond-to-a-data-breach/
https://www.bdo.com/insights/assurance/retirement-plans-cybersecurity-insights-for-plan-sponsors
Advisory Services offered through The Ascent Group, LLC, an SEC-registered investment adviser. Securities offered through Triad Advisors, LLC, Member FINRA/SIPC. The Ascent Group, LLC; Alera Group, Inc.; Summit Group of Virginia, an Alera Group Company; and Summit Group 401(k) Consulting, an Alera Group Company, are not affiliated with Triad Advisors, LLC. Representatives do not provide tax or legal advice. Please consult with your tax advisor or attorney regarding your situation. 

You are now leaving Summit Group 401(k) Consulting

Summit Group 401(k) Consulting provides links to web sites of other organizations in order to provide visitors with certain information. A link does not constitute an endorsement of content, viewpoint, policies, products or services of that web site. Once you link to another web site not maintained by Summit Group 401(k) Consulting, you are subject to the terms and conditions of that web site, including but not limited to its privacy policy.

You will be redirected to

Click the link above to continue or CANCEL