National Cybersecurity Month Highlights Risk Awareness
National Cybersecurity Month, during the month of October, was established by the U.S. Department of Homeland Security and the National Cybersecurity Alliance. The purpose of National Cybersecurity Month is to ensure everyone has the resources they need to stay safe and secure online. In honor of National Cybersecurity Month, we will shine a spotlight on cybersecurity in retirement plans.
Even prior to National Cybersecurity Month being established, cybersecurity had taken center stage in the retirement plan industry. The risks associated with retirement plans have been increasingly showcased in recent years. There are sensitive participant data and precious financial assets to protect against would-be cyber thieves. In addition, with many retirement plans actively sharing data across multiple plan service providers, the cybersecurity vulnerabilities are self-evident and growing. While it is impossible to completely eliminate cybersecurity risk, it’s essential for retirement plan sponsors to manage these risks to fulfill their fiduciary duties under ERISA and serve the best interests of their participants as well, according to Chicago-based retirement plan consultant PlanPilot.
It is best to think of implementing cybersecurity measures as both a sprint and a marathon. In other words, cybersecurity is an ongoing, long-term exposure that requires your utmost attention today! PlanPilot offers some preventative cybersecurity measures to protect retirement plans and participants against cyber attacks.
During National Cybersecurity Month, it makes sense to look at what PlanPilot and many others consider to be the most often misunderstood cybersecurity measures and procedures, and the related attacks. These three cybersecurity threats are:
- Ransomware: This type of cybersecurity attack uses malicious software to encrypt a hard drive and deny access to a computer system until a specific amount of money is paid. Ransomware attacks are a cybersecurity nightmare because important data stored inside the computer that was compromised is now at risk. Data recovery is difficult, and there are no guarantees the data will be restored. Ransomware is a common cybersecurity threat and can be very expensive for an organization to fix.
The following are preventive cybersecurity measures for employees:
- Update software and operating systems with the latest patches. Outdated software and operating systems are more susceptible to attack;
- Never open attachments or click on links in emails that are not recognizable;
- Back up the computer and important data frequently (for example, keeping the data on a system that does not need online support is recommended); and
- When browsing the internet, follow safe practices and do not click on risky links and websites.
The following are preventive cybersecurity measures for employers:
- Restrict employees from downloading and running software applications that are not approved. This will prevent malware from running and spreading through the network;
- Implement application whitelisting (specifying an index of approved software applications) to allow only approved programs to run on a network;
- Scan all incoming and outgoing emails to filter and detect threats;
- Establish firewalls to block access to known malicious IP addresses; and
- Automatically update and back up all computer systems and information on a regular basis.
- Phishing: Cybersecurity threats from phishing come through fraudulent emails that falsify the identity of a reputable company or source. Phishing attacks are designed to steal sensitive data. In the case of retirement plans, the target is frequently participants’ account login information.
National Cybersecurity Month is as good a time as any to work on preventing cybersecurity attacks by:
- Educating your employees on phishing and how to spot phishing emails. In addition, employees should be taught what to do if they receive a phishing email; and
- Implementing network security technologies that include email and web security, malware protection, user behavior monitoring, and access control.
- Wire Transfer Email Fraud: Wire transfer email fraud is a form of cybersecurity breach that occurs when a cyber-criminal poses as a senior executive or vendor requesting a wire transfer. The email may be threatening in nature, creating a sense of urgency for the employee to act right away.
The following are preventive measures plan sponsors can offer their employees:
- Validate every new payment instruction that is received via email, even if the email appears to have been initiated internally;
- Call the individual or vendor directly to validate the email was sent by them and confirm any requests for payments to make sure everything is legitimate; and
- Review all payments before they are sent to ensure all correspondence is validated and documented across the business.
Cybersecurity awareness, education, and preparation are practices that make sense every month, not just in October during National Cybersecurity Month. Putting preventive measures in place and focusing on ongoing cybersecurity improvements will help employers and employees more effectively mitigate cybersecurity risks.