Cybersecurity Breach and Plan Advisor Help
Cybersecurity breaches are on the rise, and the stakes are high. No person or organization can ever be fully insulated from a cybersecurity attack. Even Amazon founder Jeff Bezos has fallen victim to a cybersecurity breach. A cybersecurity breach can be costly, unsettling and time-consuming to correct. It is now common knowledge that a well-executed cybersecurity breach or attack can be devastating.
Defined contribution (DC) plans and their participants are not immune to cybersecurity breaches. Each data transmission to your recordkeeper or payroll provider, for example, creates risk. According to the Ponemon Institute, just over half (52%) of cybersecurity data breaches are due to malicious or criminal attacks by hackers. However, the other 48% can be attributed to negligence and system failures. Every retirement plan participant relies on the expertise of their plan sponsor to protect the retirement assets of the company retirement plan. Participants are counting on their savings to provide an income during their post-work years. What’s more, they’re counting on you to protect those assets from becoming vulnerable to a cybersecurity attack. Plan sponsors and Retirement Plan Committees need to be asking themselves, “Are we doing all we can to strengthen our retirement plan against cybersecurity breaches by keeping cybercriminals from hacking our participants’ accounts?”
As plan sponsors seek a methodology, process or service regarding cybersecurity and how to prevent cyber attacks, they should start by including their own firm’s IT department while simultaneously enlisting assistance from the retirement plan financial advisor. (If your plan partners with an experienced and knowledgeable retirement plan advisor, the advisor should have already been talking to you, and your retirement committee, about cybersecurity risk and the latest advances in prevention.) Retirement plan fiduciaries and benefit committee members should be aware of what they and their service providers can do, should do, and are doing to prevent a breach. If that is not the case, it’s definitely a good idea for you to raise the conversation about cybersecurity. If your plan advisor cannot provide the answers you’re looking for when it comes to implementing effective cybersecurity measures, then now is the time to consider interviewing advisors who can.
The Oechsli Institute, which works with financial advisors, recently published an article that may prove useful for plan sponsors who want to initiate the cybersecurity conversation with their retirement plan advisor. The article highlights 12 cybersecurity tips that can be used to safeguard data, processes, and systems. Many of these tips are good for both plan sponsors and advisors. The article takeaways are valid for plan sponsors, plan administrators, plan fiduciaries and retirement plan committees.
Some of the article’s cybersecurity tips are straightforward and mostly common sense, such as: keep your devices locked, don’t click on an email or open an attachment from an unknown or suspicious source, back up important information, and be careful when browsing the internet.
However, some of the other cybersecurity tips mentioned in the Oechsli Institute article are less obvious but are important for plan sponsors to understand. For example, if your financial advisor or anyone with fiduciary responsibility for your plan talks to you about the perils of cybersecurity breaches, listen. They may not be attempting to scare you. Cybersecurity is a serious business, and everyone is vulnerable. Again, if Jeff Bezos got hacked by cybercriminals, so can your participants. Passwords can be hacked more easily than you might think. The Oechsli Institute advises that eight characters aren’t enough. Passwords should avoid common words and should include a cryptic mix of letters, numbers, and symbols. The use of a password keeper like LastPass can help your participants keep track of more complex passwords without having to remember them or write them down.
It is critical for all plan sponsors to have an in-depth conversation with their plan advisor about cybersecurity strategies and tactics. It is always a good idea to create a strong process for reviewing all participant accounts, and for knowing what to look out for when it comes to identifying suspicious or fraudulent activity and cybersecurity risks. As the Oechsli Institute aptly points out, when it comes to cybersecurity, “Personal vigilance is key.”