Employers are constantly reminding employees to put enough money aside in their 401(k)s to ensure a comfortable lifestyle when it’s time to retire, but can you guarantee those funds are safe in the meantime?
The idea of workers’ 401(k) accounts falling victim to cyber-attacks is an alarming thought, but it’s something that employers should keep on their radars.
For one thing, it’s already happening. The Securities and Exchange Commissions (SEC) Office of Compliance Inspections and Examinations just issued a risk alert after its second round of examinations into retirement plans’ broker-dealers and registered investment advisors (RIAs) internal risk protections.
And with good reason. A staggering 88% of broker-dealers and 74% of RIAs told the SEC they’ve been subject to cyber-attacks (directly or through third-party vendors).
According to the SEC, malware and fraudulent emails were responsible for the bulk of the attacks and, while a number of attacks were stopped, an alarming number of breaches actually did take place.
Case in point: Around 25% of broker-dealers had losses of at least $5,000, and one RIA recorded a loss greater than $75,000 — though the client was eventually made whole on the loss.
The SEC’s findings also showed why employers have a reason to be concerned about the security of their401(k) plans: A quarter of broker-dealer losses stemmed from workers who were not following their established identity authentication processes.
‘Everyone is susceptible’
How dire is the 401(k) cyber-attack threat?
Peter Martini, the co-founder of iBoss Cybersecurity, puts it like this:
At the end of the day, your network will be hacked … 401(k) accounts really present some of the biggest exposure because people don’t check their accounts. Advisors and providers to plans also hold so much information on participants that hackers can steal [and] sell on the black market, which can then be leveraged for other attempts at fraud.
Martini went on to say that while everybody was at risk for this type of security issue, some firms were more vulnerable than others by stating:
Everyone is susceptible. Even more so with smaller firms, which usually have less protection less software, infrastructure and overall, less resources. They’re often the easiest targets. Thieves go after easy targets.
Based on these findings, Finance pros may want to sit down with any vendors, providers or RIA associated with their 401(k) plans to see what type of cyber-attack security they have in place.