
What Are the DOL Rules for 401(k) Cybersecurity?


Keeping financial accounts safe from cyberattacks has become more important than ever as Internet crimes continue to rise. The Federal Bureau of Investigation (FBI) estimates that cybercrime cost its victims $12.5 billion in 2023.

If you have a 401(k) or another plan covered by the Employee Retirement Income Security Act (ERISA), you may be wondering whether your account is safe. The U.S. Department of Labor (DOL) has issued cybersecurity guidance designed to protect plan sponsors and participants from cyberattacks.

Key Takeaways

  • Internet crime cost its victims $12.5 billion in 2023, according to FBI data.
  • Though they're less frequently the targets of cybercrime attacks, 401(k) plans and other retirement accounts may still be susceptible to fraud or hacking.
  • The Department of Labor has instituted cybercrime guidance for plan sponsors, fiduciaries, record-keepers, and plan participants.
  • If you have a 401(k) plan at work, there are several things you can do to protect yourself against cybercriminals.

Understanding 401(k) Fraud and Cybercrime

Cybercrime is something many people may think of as exclusively linked to bank or credit card accounts. For instance, many high-profile hacking reports have involved the theft of debit and credit card information from retailers' point-of-sale systems. Other common types of cybercrime involve email or text phishing scams, and malware attacks designed to steal online or mobile banking login information.

Retirement accounts, including 401(k) plans, are not immune from being targeted, however. Fraudsters can use a variety of tactics to target workplace plans and drain employees' retirement savings. One of the most common types of fraud involves account takeover. Here's how it works:

  • A cybercriminal obtains access to an individual's 401(k) plan login information, either through a phishing scam, a malware attack, or a combination of the two.
  • They use that information to log in to the employee's 401(k) plan and change certain details of the account, such as the contact phone number and address or the login password.
  • Assuming those changes go unnoticed, the fraudster can then initiate transfers of funds from the 401(k) to an externally linked account or have paper checks mailed to the updated address.

Account takeover fraud can also happen with other types of accounts, including individual retirement accounts (IRAs), taxable brokerage accounts, and bank accounts.
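The takeover sequence described above points to a control on the record-keeper's side: review any payout requested shortly after a contact or credential change. The following Python is an added example, not part of the original article or the DOL guidance; the event names, sample records, and 14-day window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real data): (timestamp, account, event, detail)
EVENTS = [
    ("2024-03-01T09:12:00", "acct-1001", "login", "new device"),
    ("2024-03-01T09:14:00", "acct-1001", "password_change", ""),
    ("2024-03-01T09:15:00", "acct-1001", "address_change", ""),
    ("2024-03-03T10:00:00", "acct-1001", "check_request", "mail to address on file"),
    ("2024-03-02T08:00:00", "acct-2002", "login", "known device"),
    ("2024-03-02T08:05:00", "acct-2002", "transfer_request", "linked bank account"),
    ("2024-01-05T11:00:00", "acct-3003", "phone_change", ""),
    ("2024-03-04T11:00:00", "acct-3003", "transfer_request", "linked bank account"),
]

# Hypothetical event names for the profile edits and payouts the article lists.
PROFILE_CHANGES = {"password_change", "address_change", "phone_change"}
PAYOUTS = {"transfer_request", "check_request"}
HOLD_WINDOW = timedelta(days=14)  # assumed policy value, not from the DOL guidance


def flag_payouts(events, window=HOLD_WINDOW):
    """Return payouts requested within `window` after a profile change."""
    recent = {}  # account -> list of (time, event) profile changes seen so far
    alerts = []
    # ISO 8601 timestamps sort chronologically as strings.
    for ts, acct, event, _detail in sorted(events):
        when = datetime.fromisoformat(ts)
        if event in PROFILE_CHANGES:
            recent.setdefault(acct, []).append((when, event))
        elif event in PAYOUTS:
            # Which profile changes on this account fall inside the window?
            hits = [e for t, e in recent.get(acct, []) if when - t <= window]
            if hits:
                alerts.append((acct, event, ts, hits))
    return alerts


if __name__ == "__main__":
    for acct, event, ts, hits in flag_payouts(EVENTS):
        print(f"REVIEW {acct}: {event} at {ts} follows {', '.join(hits)}")
```

A payout with no recent profile change (acct-2002) and one made long after a change (acct-3003) pass without review; only the check request that follows the password and address changes on acct-1001 is flagged.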

Important

Though bank and credit card accounts enjoy federal fraud protections, those protections do not generally extend to 401(k) plans and other retirement accounts.

DOL 401(k) Cybersecurity Guidance

In 2021, the Department of Labor introduced new guidance to help protect 401(k) plans and other ERISA-governed retirement plans against cyber fraud. This guidance is designed to assist plan sponsors, fiduciaries, record-keepers, and plan participants in safeguarding 401(k) plans from identity theft and other types of cybercrime. The guidance focuses on three specific areas: tips for hiring service providers, cybersecurity program best practices, and online security.

Guidance for Plan Sponsors

The DOL rules encourage plan sponsors to work with service providers that follow strong cybersecurity practices. Specifically, the DOL suggests that plan sponsors do the following when vetting providers:

  • Ask about the provider's information security standards, practices, and policies and compare them to industry standards that other financial institutions use.
  • Look for providers that follow a recognized standard for information security.
  • Ask the provider how it validates its practices and what levels of security standards are implemented.
  • Evaluate the provider's track record within the industry and ask about any past security breaches the provider may have experienced.
  • Research whether the provider has insurance policies in place to cover cybersecurity losses, including situations in which plan participants' accounts have been hacked.
  • Ensure that any contract with a service provider requires ongoing compliance with cybersecurity and information security standards.

Fast Fact

Your plan sponsor may be able to provide you with information about the cybersecurity measures it implements upon request.

Guidance for Fiduciaries and Record-Keepers

Under the DOL's rules, 401(k) plan fiduciaries and record-keepers also bear responsibility for ensuring that they're doing their part to mitigate cybersecurity risks. The list of recommended best practices includes the following:

  • Have a formal, well-documented cybersecurity program.
  • Conduct annual risk assessments in a prudent manner.
  • Schedule annual third-party audits of security controls.
  • Clearly define and assign information security roles and responsibilities.
  • Put strong access control procedures in place.
  • Ensure that assets or data stored in the cloud or managed by third-party providers are subject to appropriate security reviews and assessments.
  • Conduct periodic cybersecurity awareness training.
  • Implement and manage a secure system development life cycle (SDLC) program.
  • Create an effective business resiliency program that addresses business continuity, disaster recovery, and incident response.
  • Encrypt sensitive data at all times.
  • Implement strong technical controls in alignment with best security practices.
  • Respond appropriately to cybersecurity incidents.

Guidance for Plan Participants

The DOL also offers tips for 401(k) plan participants to help them do their part in keeping their accounts safe. Many of these tips are the same strategies that are encouraged to protect online banking information. Here's what the DOL suggests:

  • Routinely monitor your account, looking for any unusual activity or transactions that you don't recognize.
  • Use strong and unique passwords to log in to retirement accounts and update them regularly.
  • Set up multifactor authentication if your plan sponsor or servicer offers it.
  • Keep personal contact information that is listed on your account up-to-date.
  • Close or delete unused financial accounts.
  • Avoid the use of public Wi-Fi to access financial accounts.
  • Be wary of phishing scams.
  • Use antivirus software to protect your devices and regularly update it.

Tip

If you believe your 401(k) has been breached, contact your plan sponsor as soon as possible to report it. You can also report cybercrime to the FBI and the Cybersecurity & Infrastructure Security Agency (CISA).

Can a 401(k) Be Hacked?

A 401(k) can be hacked if someone is able to gain access to your account login information, including your user ID and password. Hackers can use a method known as account takeover to siphon off funds from someone's 401(k) plan just as they could with a bank account.

What Happens if Your 401(k) Is Stolen?

If you believe someone has fraudulently withdrawn money from your 401(k) or a similar workplace retirement plan, the first step is to contact your plan sponsor. They should be able to advise you on what to do next, which may involve reporting the fraud to the appropriate federal authorities. Whether you'll be able to recover stolen 401(k) funds may depend on the plan sponsor's policies for addressing cybercrime.

How Do I Secure My 401(k)?

Some of the best ways to secure your 401(k) account include using unique passwords, not sharing your login information with anyone you don't know, and avoiding the use of public Wi-Fi when accessing your accounts online. You can also set up alerts to notify you of new activity or changes to your account and learn how to spot potential phishing scams that may land in your email inbox.

The Bottom Line

You work hard to contribute money to your 401(k) for retirement, and the last thing you want is for cybercriminals to steal it. The unfortunate reality is that 401(k) plans and other workplace retirement plans may be just as vulnerable to cyberattacks as other types of financial accounts. The DOL's 401(k) cybersecurity guidance is a step in the right direction for protecting these accounts. Remaining diligent and monitoring your accounts regularly can help keep your retirement savings secure.
