Best Steps to Avoid a Cyber Attack on Your 401(k) Plan

With everything from pizza deliveries to multi-million dollar deals being handled online, it should come as no surprise that hackers might target your 401(k) plan. However, security breaches don’t stop with an unknown party simply accessing your participants’ personally identifiable information (PII). Hacks also can lead to unauthorized withdrawals of funds from 401(k) plans. So, what can you do to avoid a cyberattack on your 401(k) plan? The following provides some best practices for avoiding this type of costly breach.

Who is responsible for preventing a cyber attack on your 401(k) plan?

Employers and plan administrators must meet the ERISA prudence standard. Plan fiduciaries are expected to act in the best interests of the participants. This includes acting with care, skill, and diligence like any other prudent person.

What can you do to improve cybersecurity?

To avoid a cyber attack on your 401(k) plan, consider taking the following steps.

  • Practice care in hiring third-party administrators (TPAs). Yes, you may have to hire TPAs, but make sure you carefully vet them. Your contract with a TPA should include provisions about developing and maintaining protection against cyber attacks.
  • Know where the data is stored and who is authorized to use it. Even if you have hired people to handle digital storage of sensitive data, you are still responsible for safeguarding it. Only authorized people should be able to see the data. Also, make sure your 401(k)’s data is safely stored.
  • Put security measures in place and maintain them. Make the safety of your digital data a top priority. Develop common sense, up-to-date protocols and then enforce them.
  • Train employees. Unless properly trained, employees may not realize the need to avoid a cyber attack. Divulging information and even passwords may not seem like a big deal unless the employees realize the consequences of doing so.
  • Monitor systems regularly. If a hacker does enter your computer systems, how long will it take to recognize the leak and block it? Regular monitoring of data storage and security systems is crucial.

Experienced ERISA Counsel May Help You Avoid a Cyber Attack

As an employer or plan sponsor, you are responsible for the safety of your employee benefit plans, including your 401(k). We can help you analyze your current plan and make any necessary changes.

The attorneys at Hall Benefits Law use their extensive experience to help their clients remain compliant with benefit laws. Please call 678-439-6236 to discuss your concerns with an experienced attorney. Our website contains more information about our firm, a Contact Form, and free resources for your review. From our home office in Georgia, we assist clients throughout the United States.
