With the prevalence of data breaches in today’s news, now is as relevant a time as ever to remind employees about protecting their retirement accounts from potential fraud. What steps can employees take to help secure their accounts?
- Strong password management. Many times, the retirement plan account password is the same, or very similar, to another password in an account that may have been breached. Changing passwords and using stronger, randomly-generated passwords goes a long way towards protecting private information.
- Review account transactions. Online access that is available 24/7/365 has taken the scrutiny from quarterly or annual statements. Reviewing your account on a frequent basis can help identify fraudulent activity quickly.
- Avoid using security questions where a hacker may potentially be able to find the answers from information which can be found publicly, such as on social media.
What steps can you take as the plan sponsor?
- Ask for verification of distributions and loans if the recordkeeper allows for it. It might seem to be an excessive burden to approve individual transactions but checking with an employee by cell phone or protected communication channels will prevent a lot of problems down the road. Remember, if the participant’s email was the source of the hacked information, the hacker could still be accessing email accounts undetected.
- Establish a system of checks and balances within your own human resources and accounting departments. Fraud can occur in many ways, and hacking seems to be the most prevalent today. Internal personnel have the power to request and direct retirement distributions for the plan’s recordkeeper.
It’s good practice to review your retirement plan’s transactions each month like you would your company bank account or credit card accounts. If you see any questionable transactions, please contact your TPA immediately.