Cybersecurity and How to Deal with Data Breaches as a Plan Sponsor
Retirement funds are a target for cybersecurity attacks and identity fraud more than ever before. For most people, their retirement account is one of their biggest assets and is often overlooked, making these accounts a prime target for cybercriminals. Data breaches at recordkeepers are common. Just last month, a data breach at a major financial institution leaked 1,833 Walmart participant 401(k) plans due to a single employee making an isolated email error. While precautions can control the risks, plan sponsors need to have an active response plan in place with their recordkeepers to minimize potential damages.
An essential precaution sponsors can take to prevent security breaches is participant education. Cybersecurity defense relies on everyone, and educating plan participants about common scams and digital attacks prevents data leaks. Covering the latest cybercriminal attack methods as part of ongoing participant education can help ensure digital safety. Additionally, plan sponsors should select recordkeepers that use technologies to secure participant accounts, such as a two-factor authenticator application, requiring a photo ID upon login, or using advanced facial recognition software to flag suspicious login attempts.
Another precaution is purchasing cybersecurity insurance. Plan sponsor considerations for this type of insurance include who is liable in the event of a breach, who is insured, how the plan will be purchased, and what is covered.
Even with all of these precautions in place, it is still possible for a data breach to occur, and plan sponsors need to have an action plan established with their recordkeeper for cybersecurity attacks. When a breach occurs, the first step for a plan sponsor is to work with IT to isolate compromised systems and ensure the entire database is not leaked. Once that happens, it's important to determine what type of data was compromised. If customer private information is leaked, it's important to prioritize the safety of their accounts. Increased surveillance of distributions in situations like these is key to ensuring that money is not being stolen. Finally, a communication plan should be created for customers who are affected in the event of a compromise.
By continuously updating security procedures and fostering a proactive approach to cybersecurity, plan sponsors can provide a strong defense against evolving threats. These efforts not only help prevent attacks but also establish confidence in plan participants regarding the protection of their digital assets. By staying prepared, the security of retirement funds can be effectively safeguarded, ensuring peace of mind for everyone involved.