I remember when I was 10, there was no such thing as a debit card. In fact, growing up in the ‘80s meant no internet, no PayPal, no direct deposit or any type of remote banking. While they make things extremely efficient and easy for us, these technologies have paved the way for computer-savvy masterminds across the globe to engage in criminal and malicious acts of stealing your hard-earned cash. I check my bank accounts and credit cards daily to check for unauthorized purchases. If something is off, my bank or credit card company is quick to remedy the situation.

Being proactive by checking your bank accounts and credit cards is key to keeping your accounts and money safe.  However, are we totally safe and bulletproof? No. Cybercriminals are now bypassing smaller checking account balances in favor of our more lucrative retirement plan balances. It is equally easy to steal $1,000,000 as it is $100.  There are several documented cases where plan participants have had their retirement plan balances stolen.  A former Estee Lauder employee recently filed a lawsuit because she had nearly $100,000 stolen from her 401(k) plan in unauthorized distributions. The plaintiff claims the defendants – the employer, the recordkeeper, and the custodian – breached their fiduciary duties by not having processes in place to identify and stop the unauthorized charges, but no one is taking responsibility. The plaintiff is seeking restitution for her 401(k) account balance including investment earnings from the time her money was distributed to the time of judgment. 

So what are the best practices to safeguard your retirement nest egg?

1. Use strong passwords. Experts recommend staying away from simple passwords such as your children’s names, home address, or anything easily found on social media. We recommend using a combination of letters, numbers and symbols – but certainly not the commonly used phrase “Password1.”
2. Check your retirement plan balance regularly. A good practice is to check your retirement plan (and other accounts) regularly. By using a finance aggregator, you can see all of your finances (banking, credit cards, retirement plans, etc.) simultaneously.
3. Stay away from unprotected Wi-Fi. You are putting your personal information at risk when you use free and unprotected Wi-Fi. Hotels, airports, and coffee shops are prime venues where hackers tend to linger. A seasoned thief could gain access to your passwords, bank accounts, and email account in just a few minutes.
   
4. Be aware of phishing emails. Life is busy. We are constantly multitasking and trying to check things off our to-do list. While it is easy to read a quick email without noticing any red flags, it is very important to recognize the warning signs.  Check the sender domain. You may receive what looks like a legitimate email from your bank, but the domain will have a completely different identity such as fakename@fake.co.
   There are several warnings that the above image is a phishing email.  If you receive a phishing email, delete it without clicking on any of the links. Always be cautious of what you click.  In the above image, there is an action, “Please sign in to your account….”   However, when you place your cursor over the link, you will see that it is not Bank of America, but rather a fake link. If ever in doubt, call the sender institution to inquire about the email. IRS, banks, credit card companies, investment companies and other financial institutions will never send you an email to confirm account information that they should already have.
   

5. Request two-step authentication. By opting for a two-step process to gain access to your account, it may deter cybercriminals.  Any additional layers of security you can have are helpful in safeguarding your retirement account balance.

Plan Sponsors are playing an active role educating participants when it comes to cybersecurity. There are training programs available through cyber insurance carriers.  Experts predict this epidemic will gain momentum with advanced technology and mastermind cybercriminals. There is no clear guidance on who should be responsible for cybertheft, but the retirement industry will keep a close eye on the Estee Lauder lawsuit. Once there is clear fiduciary guidance on this issue, plan sponsors may take a more proactive approach in administering retirement plan assets.

Check with your retirement plan partners to learn how they are protecting your plan assets from cyber security threats and what signs to look out for.