Cybersecurity Advice for Retirement Plan Participants

Cybersecurity advice is readily available for plan sponsors and plan fiduciaries. But what about cybersecurity advice for plan participants? 403(b) and 401(k) plan participants must actively take possession of their own data and their retirement assets. What does that look like?

At the conclusion of a TPSU fiduciary education session held at the University of Minnesota in Minneapolis, Minnesota, Fred Barstein, Founder and CEO of The Plan Sponsor University (TPSU), spoke with TPSU Adjunct Lecturer Joe Brummel. Mr. Brummel discusses the vulnerability that can exist when 401(k) plan participants fail to log in to and register their retirement accounts. There is always exposure when a third party holds assets, so it makes sense for plan sponsors and plan fiduciaries to take an active role in securing the plan assets. Their discussion also explains two-factor authentication, which is designed to keep plan assets safe. Cybersecurity advice is a growing area that plan sponsors and plan participants need to understand.

Full Transcript Here

Fred Barstein:
Fred Barstein with 401k TV. Just completed a TPSU program at the University of Minnesota. I’m here with our esteemed lecturer, Joe Brummel. Welcome, Joe.

Joe Brummel:
Thank you.

Fred Barstein:
Joe has been with us from the beginning and he actually was our first trial class. He’s an original CKP founding lecturer there as well. We can’t seem to get rid of him. He’s been a loyal great supporter, great advisor, been in the industry for 23 years. Just joined SRP, which is one of the largest defined contribution 401(k), 403(b) focused firms in the country with I think it’s close to 20 advisors. Is it over 20?

Joe Brummel:
Yeah. Depending on how you count the advisors, yeah, it’s around 20 plus.

Fred Barstein:
20 plus offices around the country, so it’s a great group and Joe has been doing this, very passionate about this for a long time. One of the subjects that came up today and is, I know, near and dear or maybe in fear for many plan sponsors is the whole issue of cybersecurity. One of the things about how sometimes participants don’t even log on and register. What’s the danger there?

Joe Brummel:
Well, the danger is that these accounts are not … They’re open. They’re exposed for someone else to essentially claim those accounts. Because if you haven’t registered your account, what does that mean? It means that someone else could easily come in and claim they’re you. There are four pieces of information that every record keeper uses some combination of for someone when they register their account initially.

Fred Barstein:
Right.

Joe Brummel:
Name, Social Security Number, date of birth, and address. Those things are all floating out on the internet or the dark web someplace for virtually everybody. If someone gets that information and they know you have a 401(k) or a 403(b) account at a particular record keeper or they could just test the different record keepers, they might be able to go on and claim they are you by registering as you. The way a participant combats that is they just have to go on and register their account. Claim they are themselves.

Fred Barstein:
Put in their email and cellphone because every time a change is made, they’ll check to see did you actually make the change and have a code.

Joe Brummel:
That’s the multifactor authentication process. The best thing a participant can do and a plan sponsor can do to help the participant, encourage them to do this is to register their account. With multifactor authentication, what happens is you now have that fraudster would have to have control of the person’s email or their cellphone so that when that text code or that email code comes across, they put in their username, their password, which is unique, they get to customize. But then they also have to have that code. It makes it almost impossible for a fraudster to get into someone’s account.

Fred Barstein:
Right, to do it. I think we have time briefly for the story you told about somebody had it notarized distribution.

Joe Brummel:
We had a situation a little over a year ago where someone, a fraudster, filled out paperwork for a participant in one of our plans for a $330,000 in-service withdrawal. When that paperwork came across the desk of the plan sponsor, the administrator to sign off on it, everything looked legitimate. This thing really did. The name, Social Security Number, address, phone numbers, you name it. It’s all there. What helped her catch it is that it was notarized in the state of Minnesota on a date when she knew that employee was not in the state. He was traveling. She looked at that and thought it was odd, picked up the phone and called his cellphone that she had in her records. He answered the phone and she said: “Hey, did you fill this paperwork out?”

Joe Brummel:
He’s like “What? No. Of course not.” It was caught, but then she called me and said: “Joe, we need to investigate this.” What we did is we did some research with a third party administrator, the record keeper, and their protocols. They will not give you all the protocols. They can’t. Because as soon as they reveal the code for how they catch this stuff, then it’s going to be exposed for others to essentially break that formula.

Fred Barstein:
Right. Great. Those are scary stories and something that I know that plan sponsors are really concerned about.

Joe Brummel:
Plan sponsors need to start paying attention to this. There’s over $7 trillion in these plans. The fraudsters go where the money is. It’s like Jesse James said when someone asked why do you rob banks, it’s where the money is. We need to pay attention to this, plan sponsors should. Getting participants to register their accounts, it’s a hard thing in some cases, but we need to promote it more. It needs to become a standardized metric in the industry as far as success, not just participation and deferral rates. This is another thing that should be on the radar.

Fred Barstein:
Right. We need advisors to be advocates for that for their plan sponsor. Anyway, well, thanks for your time today and thanks for your support of TPSU. It was a great program today and keep up the good work.

Joe Brummel:
Thanks, Fred.

Fred Barstein:
Thank you for watching 401k TV.
