If it wasn’t already clear to retirement plan advisers and plan sponsors, Employee Benefits and Security Administration head Lisa Gomez reiterated this week the importance of cybersecurity and increased protection for participants in a new post providing eight areas for guidance.
“It seems like not a day goes by where we’re hearing about a different breach… but it’s a continuing struggle,” Gomez said last week at the Plan Sponsor National Conference.
In her blog post on the Department of Labor website, Gomez laid out various tips plan sponsors and advisers can convey to participants for keeping their information safe.
The blog post also recommended that participants avoid sharing, reusing or repeating passwords. Individuals should also keep their password updated every 120 days and use multi-factor authentication, such as verifying identity using a fingerprint or by entering an email or text code, according to Gomez.
When checking one’s retirement account, participants should also avoid using a public Wi-Fi network, as these networks can be accessed by criminals. Instead, they should use a cell phone or a home network for internet access. The blog post also warned against falling victim to phishing scams, of which warning signs may include an unexpected text message or email, spelling errors or poor grammar.
Installing antivirus software and keeping apps and software up to date are important preventive measures as well, Gomez noted. Additionally, one should know how to report identity theft and cybersecurity incidents. In the case of a cybersecurity attack, a participant should contact the FBI or the Department of Homeland Security.
Retirement plans are a target today because that is where so much wealth is held by American savers, Larry Crocker, founder and CEO of Fiduciary Consulting Group, told a group at PSNC last week. It is therefore crucial for retirement plan committees—and their advisers—to engage in cybersecurity discussion and reviews as an ongoing part of their work, he and other experts noted.