401k Plan Cybersecurity Steps for Participants

401k plan cybersecurity breaches are on the rise, and 401k plan cybersecurity should now be a front-burner topic for 403b and 401k plan participants. However, very few retirement plan participants comprehend the exposure their account balances have to 401k plan cybersecurity risk. At the conclusion of a Plan Sponsor University (TPSU) Fiduciary Education Program held at the University of Minnesota, TPSU Founder and CEO Fred Barstein spoke with TPSU Adjunct Lecturer Joe Brummel, Managing Director at Strategic Retirement Partners (SRP), about 403b and 401k plan cybersecurity risks. The conversation focuses on how retirement plan participants can reduce that risk by registering themselves on the plan recordkeeper website. They also discuss the benefits of multifactor authentication for managing 401k plan cybersecurity risk. This video is an important risk management educational experience for retirement plan fiduciaries and retirement plan advisors.

Full Transcript Here

Fred Barstein:
Fred Barstein with 401k TV. Just completed a TPSU program at the University of Minnesota. I’m here with our esteemed lecturer, Joe Brummel. Welcome, Joe.

Joe Brummel:
Thank you.

Fred Barstein:
Joe has been with us from the beginning and he actually was our first trial class. He’s an original CKP founding lecturer there as well. We can’t seem to get rid of him. He’s been a loyal great supporter, great advisor, been in the industry for 23 years. Just joined SRP, which is one of the largest defined contribution 401(k), 403(b) focused firms in the country with I think it’s close to 20 advisors. Is it over 20?

Joe Brummel:
Yeah. Depending on how you count the advisors, yeah, it’s around 20 plus.

Fred Barstein:
20 plus offices around the country, so it’s a great group and Joe has been doing this, very passionate about this for a long time. One of the subjects that came up today and is, I know, near and dear or may be in fear for many plan sponsors is the whole issue of cybersecurity. One of the things about how sometimes participants don’t even log on and register. What’s the danger there?

Joe Brummel:
Well, the danger is that these accounts are not … They’re open. They’re exposed for someone else to essentially claim those accounts. Because if you haven’t registered your account, what does that mean? It means that someone else could easily come in and claim they’re you. There are four pieces of information that every record keeper uses some combination of for someone when they register their account initially.

Fred Barstein:
Right.

Joe Brummel:
Name, Social Security Number, date of birth, and address. Those things are all floating out on the internet or the dark web someplace for virtually everybody. If someone gets that information and they know you have a 401(k) or a 403(b) account at a particular record keeper or they could just test the different record keepers, they might be able to go on and claim they are you by registering as you. The way a participant combats that is they just have to go on and register their account. Claim they are themselves.

Fred Barstein:
Put in their email and cellphone because every time a change is made, they’ll check to see did you actually make the change and have a code.

Joe Brummel:
That’s the multifactor authentication process. The best thing a participant can do and a plan sponsor can do to help the participant, encourage them to do this is to register their account. With multifactor authentication, what happens is you now have that fraudster would have to have control of the person’s email or their cellphone so that when that text code or that email code comes across, they put in their username, their password, which is unique, they get to customize. But then they also have to have that code. It makes it almost impossible for a fraudster to get into someone’s account.

Fred Barstein:
Right, to do it. I think we have time briefly for the story you told about somebody had it notarized distribution.

Joe Brummel:
We had a situation a little over a year ago where someone, a fraudster, filled out paperwork for a participant in one of our plans for a $330,000 in-service withdrawal. When that paperwork came across the desk of the plan sponsor, the administrator to sign off on it, everything looked legitimate. This thing really did. The name, Social Security Number, address, phone numbers, you name it. It’s all there. What helped her catch it is that it was notarized in the state of Minnesota on a date when she knew that employee was not in the state. He was traveling. She looked at that and thought it was odd, picked up the phone and called his cellphone that she had in her records. He answered the phone and she said: “Hey, did you fill this paperwork out?”

Joe Brummel:
He’s like “What? No. Of course not.” It was caught, but then she called me and said: “Joe, we need to investigate this.” What we did is we did some research with a third party administrator, the record keeper, and their protocols. They will not give you all the protocols. They can’t. Because as soon as they reveal the code for how they catch this stuff, then it’s going to be exposed for others to essentially break that formula.

Fred Barstein:
Right. Great. Those are scary stories and something that I know that plan sponsors are really concerned about.

Joe Brummel:
Plan sponsors need to start paying attention to this. There’s over $7 trillion in these plans. The fraudsters go where the money is. It’s like Jesse James said when someone asked why do you rob banks, it’s where the money is. We need to pay attention to this, plan sponsors should. Getting participants to register their accounts, it’s a hard thing in some cases, but we need to promote it more. It needs to become a standardized metric in the industry as far as success, not just participation and deferral rates. This is another thing that should be on the radar.

Fred Barstein:
Right. We need advisors to be advocates for that for their plan sponsor. Anyway, well, thanks for your time today and thanks for your support of TPSU. It was a great program today and keep up the good work.

Joe Brummel:
Thanks, Fred.

Fred Barstein:
Thank you for watching 401k TV.
