401k Cybersecurity Risk Increases with Remote Workforce

401k cybersecurity risk exists for all retirement plans.  However having a remote workforce exponentially increases 401k cybersecurity risk!  Remote employees present employers with multi-point networking exposure that has grown to be one of the bigger concerns with regards to cybersecurity.  The proliferation of remote workers can be traced back to the early stages of the Covid-19 pandemic.  A new study shows that employers have work to do when it comes to mitigating 401k cybersecurity risk.

According to the Endpoint Ecosystem study from Mobile Mentor, which explores how employees perceive privacy, security, productivity, and personal well-being in the finance industry, security breaches are a top concern for employees, so much so that they’re quitting their jobs over it.  A lack of good cybersecurity protocols now hinders an employers’ ability to recruit and retain quality talent.  The goal of the Endpoint Ecosystem study is to inform and educate employers how to prevent security breaches; while attracting and recruiting motivated employees, according to a recent BenefitsPro article.

The study found that finance tends to be more security-conscious than other industries.  As such, finance employees have a better understanding of the need to protect company data, and they receive regular cybersecurity prevention training.  According to the data:

  • Three-fourths of finance workers believe they will get fired for a data breach.
  • Sixty-eight percent believe their executives should be fired for a breach.
  • Forty-two percent know someone who has exposed their employer to a breach.

These numbers are much higher than for healthcare, government, or education workers.

According to the Endpoint Ecosystem study, the finance industry also has a “password hygiene” problem.  This “password hygiene” problem increases 401k cybersecurity risk!  Employees regularly save work passwords in personal journals (one-third) and on their personal smartphones (three in 10).  Seven out of 10 choose a password that’s easy to remember, and 18% reset their password daily.  Among younger workers, the issue is even more of a concern: two in 10 manage more than 50 personal passwords and 50 work passwords, and 45% of younger employees reset their passwords every day.

Finally, the study found that finance has a shadow IT problem.  Finance employees do a good job of cybersecurity at work; however, not so much in their personal lives.  Forty-six percent allow family members to use their devices, and half of finance employees work around security policies and prefer to use unapproved apps and bring-your-own devices (BYOD).  Remote work has worsened the shadow IT problem, creating a need for employers to identify the right tools to help employees feel empowered while reducing their dependence on unapproved apps.

Although the finance-industry fares better than other industries when it comes to employees’ awareness of and adherence to cybersecurity prevention, employers have room to improve.  Managing 401k cybersecurity risk includes helping the workforce manage passwords and combat their shadow IT concerns.  With hacks and cyber theft on the rise, including vulnerabilities in workplace retirement plans, employers should implement additional cybersecurity protections to improve recruiting and retention while keeping sensitive data from falling into the wrong hands.


Thank you for visiting our site!

TRAU, Inc. and its affiliates TPSU and 401kTV do not provide investment, legal, tax or accounting advice. 401kTV readers and viewers should consult their legal and tax advisors for guidance. All materials, including but not limited to articles, directories, photos, videos, graphics etc., on this website are the sole property of TRAU, Inc. and are intended for educational purposes only. We do encourage your sharing 401kTV content with Plan Sponsors; however, unauthorized use of any and all materials is prohibited/restricted.

Permission to use any of the materials, etc. on any of this site or affiliate websites may be requested in writing at Webmaster@401ktv.com and may be granted in writing on a case by case basis. Use of all editorial content without permission is strictly prohibited.

Scroll to Top