Lisa Gomez, head of the Department of Labor’s Employee Benefits Security Administration, authored a blog post published on the Department of Labor’s website last week that outlines a number of tips for employee retirement plan sponsors and participants to minimize their cyber vulnerabilities.
The first advised course of action is to register your accounts online to enable virtual monitoring of the assets, which may be somewhat counterintuitive since doing so would seem to increase exposure to cyber attack on its face, but the net effect is a greater degree of protection overall. By regularly checking in on their accounts through an online portal, plan holders can quickly assess any activity they encounter that appears suspicious. In fact, not registering your accounts online opens the door for criminals to fraudulently assume your identity by registering your account as their own.
The second recommendation is simply to regularly change passwords on a schedule (e.g. every 6 months) to increase password strength generally, which is basic but effective and far too often overlooked by people who should know better given that the top two most common passwords at some of the world’s largest companies remain “password” and “12345” according to a recent analysis. Passwords should be a combination of at least 14 characters made up of letters, numbers, and symbols - it’s best to stay away from words that are in the dictionary while reusing passwords across many sites is frowned upon, as well.
Along similar lines, another simple but necessary and often neglected action that can significantly increase the effectiveness of your cybersecurity efforts is to enable two-factor authentication, which adds exponential protection relative to the small amount of inconvenience and lost efficiency that comes with adding a second step to login protocols, which can include fingerprint scans, verification text messages, or confirmation emails.
Further, when it comes to accessing those retirement accounts online, it’s wise to avoid doing so via public Wi-fi networks - which can be infiltrated by criminals - and instead access accounts via cellular service on a smartphone or tablet or via private/secure internet connection.
Regardless of how secure a users account access points and internet connection may be, of course, no cybersecurity measure can fully protect against human error when it comes to susceptibility to phishing scams or other fraudulent tricks designed to dupe people into unwittingly handing over information and/or the means to access an account or its contents. In addition to avoiding messages from unknown or unexpected sources - especially if they include any link that seems at all suspicious or contain bad grammar or gratuitous spelling mistakes - best practices should include installing and regularly updating antivirus software and relevant patches.
And finally, it’s important for users to make sure that they have reviewed and know how to report a cybersecurity breach or identity theft in the event that they or their companies fall victim to a cybercrime, but it’s also important for users to ensure that their contact information stays up-to-date in the system of the platforms through which they access their accounts and that they have notifications turned on in the event that the user needs to be reached quickly in order to minimize any damage that may be caused by a cybersecurity breakdown.
You can access the Department of Labor post and read more about this topic here.
.svg){kind=small}
.svg){kind=small}
%201.svg){kind=small}
