Prevent 401k Account Hacking

Commercial database hacks are in the news and may seem commonplace in 2019. But while many of these stories focus on hacked bank and credit card accounts, 401(k) plan sponsors and participants probably don’t realize that their plan assets are also at risk.

 

Employers who offer 401(k) plans to their employees need to take precautions against identity theft. Part of this is educating participants.

 

 Role of sponsors

 

If your organization sponsors a 401(k) plan, you must assess plan service providers’ protection systems and policies. Most providers carry cyberfraud insurance that they extend to plan participants. But there may be limits to this protection if, for example, the provider determines that you (the sponsor) or employees (participants) opened the door to a security breach.

 

Your plan’s documents may say that participants must adopt the provider’s recommended security practices. These could include checking account information “frequently” and reviewing correspondence from the administrator “promptly.” Make sure you and your employees understand what these terms mean — and follow them.

 

 What participants can do

 

Traditionally, 401(k) plan participants have been discouraged from worrying about short-term fluctuations and volatility in their accounts, and instead encouraged to focus on the long run. However, the lack of regular monitoring can make these accounts vulnerable. Instruct employees to periodically check their account balances and look for signs of unauthorized activity.

 

Employees also should take the same steps they follow to protect other online accounts. For example: 

  • Use strong passwords and change them regularly.
  • Take advantage of two-factor authentication.
  • Don’t use the same login ID and passwords for multiple sites.
  • Don’t allow a browser to store login information.
  • Never share login information.

Such precautions can keep some of the most common retirement plan thieves (relatives and friends) from using their knowledge to gain account access. In one real-life case, a plan participant divorced his wife and moved out of the house. However, he didn’t update his address with his plan provider, change his password or review his balance regularly. His ex-wife cleaned out his more than $40,000 balance.

 

 A few clicks

 

Without adequate vigilance, anybody can be a few clicks away from cleaning out your employees’ 401(k) accounts. Review your plan documents carefully and educate participants about their responsibilities for monitoring their accounts. Contact us for more information on identity theft.

 


DISCLAIMER: This blog is provided for informational purposes only and is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant. Presentation of the information in this article does not create nor constitute an accountant-client relationship. While we use reasonable efforts to furnish accurate and up-to-date information, the evolving landscape surrounding these topics is supported by regulations or guidance that are subject to change.
