Author: Paul A. Carl, CHSA, CPFA™ Vice President, Retirement Plan Consulting, Registered Representative
Imagine checking your 401(k) plan account expecting to see a balance of several hundreds of thousands of dollars only to find out that your balance stands at $0. A quick check of your transaction history shows a total distribution that you never requested has taken place. What would you do? If you’re Paula Disberry, you file a lawsuit in U.S. District Court, Southern District of New York, against your retirement plan committee, the 401(k) plan recordkeeper, and the plan’s custodian (search Case No. 22-CV-5778 for more detail).
When the Employee Retirement Income Security Act was adopted in 1974, any utterance of “cybersecurity” most likely would have sounded like something out of science fiction. Today, it's big business and extremely important. Marketing research firm BrandEssence estimates the global cybersecurity industry will reach $403 billion by 2027, as reported on July 22, 2022 by Fortune.com. In spring 2021, the U.S. Department of Labor’s EBSA published “Tips for Hiring a Service Provider with Strong Cybersecurity Practices.”
At the participant level, cybersecurity risks include loss of plan assets and acquisition of personally identifiable information (“PII”). PII is your sensitive data such as your Social Security Number, driver’s license or state identification number, financial account and credit card numbers, and medical information. For the plan sponsor as well as plan service providers, risks encompass regulatory fines and expensive remediation, litigation, costs associated with data recovery and system restores, as well as claims under local and state laws, not to mention reputational risk.
Several best practices for plan participants include:
- Establish multi-factor authentication
- Use a strong password and never share that password
- Verify the correctness of your PII
- Monitor your account on a regular basis
- Be on guard for fake emails and texts that look real
Plan sponsors and service providers, who may or may not be acting in some type of fiduciary capacity, should establish cybersecurity policies and procedures that incorporate the aforementioned DOL Tips. Train staff on cybersecurity, document those efforts, and revisit them periodically. The DOL has initiated cybersecurity reviews. Plan sponsors have reported receiving a DOL letter specifically addressing their plan’s cybersecurity practices for the previous three years.
Do your plan service providers and fiduciaries have cybersecurity insurance?
The content of this blog is offered by HORAN Wealth Management, an SEC registered investment advisor.