For companies, cyber attacks can cause a wide range of devastating consequences—from data leaks that cost millions of dollars to control the company’s reputation and cause irreparable damage to the company’s reputation, to induce employees to share sensitive information and fund the company. Scams transferred to fraudulent accounts. But the most destructive cyber attacks may be targeted at individual employees who have no resources to recover.
For example, cybercriminals are increasingly targeting employees’ 401(k) accounts in order to steal the identity of victims or conduct unauthorized transfers of funds. As retirement fund management becomes more and more digital, cybercriminals have discovered that the trillions of dollars hidden by Americans and their sensitive 401(k) account information are vulnerable to penetration and theft.
Millions of employees have put in decades of hard work to build their 401(k), but cybercriminals won’t think twice and exhaust them in a few seconds. This is why companies and employees must make 401(k) cybersecurity a top priority, especially as contributions continue to grow, digital account management becomes the norm, and cybercriminals’ strategies become more complex and disruptive. .
Why 401(k) cybersecurity has always become more and more important
Americans have more than $33 trillion in retirement assets, which is a little more than one-third of their total family assets. 401(k)s and other employer-sponsored programs amounted to more than US$6 trillion, with 106 million people participating. Despite the widespread use of digitally managed 401(k) as a tool for wealth creation and protection, cybercriminals can use many loopholes to target these programs.
For example, the US Government Accountability Office (GAO) reports that 401(k) administrators “share various personally identifiable information (PII) and plan asset data,” such as social security numbers, usernames, passwords, and bank account information. The GAO report continues: “The sharing and storage of this information may pose significant cybersecurity risks to the plan sponsors, their service providers, and plan participants.” Considering the fact that PII is the most frequently leaked type of data , GAO is right to pay attention to it in the context of 401(k) cybersecurity.
These concerns are particularly prominent during the COVID-19 pandemic, as Americans use the early retirement distribution plan provided by the CARES Act. In the next few years, cybercriminals’ attacks on 401(k) will only become more unscrupulous and creative, and employees must know how to protect their accounts.
What employees should pay attention to
The average 401(k) balance in the United States is more than $106,000. Americans are motivated enough to ensure that their hard-earned money is safe, which means they need to know which red flags to watch out for and what actions to take when a threat is detected. As with most successful cyber attacks, attempts to access an employee’s 401(k) account rely on social engineering tactics, such as fraudulent information requests or forced messages.
A report by the law firm Greenberg Traurig explained that cyberattacks “target 401(k) by phishing emails containing subject lines such as’change your 401(k) plan’ or ‘401(k) open registration’ Or pension information, trying to trick participants into revealing their 401(k) plan username and password.” Employees should always be alert to messages that urge them to take immediate action on their 401(k) accounts. Account holders should always contact their financial service provider to verify updates and request more information instead of following the instructions in the email.
One of the reasons 401(k) is such an attractive target for cybercriminals is that they are usually not closely monitored by account holders. This is why employees should monitor their accounts and report any suspicious activity immediately. But most importantly, account holders should remember that they should never rush to change their 401(k) or transfer funds. This is their money, and they have every right to ensure that it is handled properly.
Fully prioritize opportunities for cybersecurity
Some of the most effective ways for employees to protect their 401(k) will also make them safer overall. A cybersecurity platform that emphasizes the potentially huge consequences of human error will ensure that employees are aware of the attack vectors most likely to be used by cybercriminals who try to hijack information or money from their 401(k). Here are some of the most basic points to focus on:
- Always use unique and complex passwords (or even better, use a password manager), and do not share login credentials with anyone. According to Verizon’s latest “Data Breach Investigation Report”, more than 80% of hacking attacks “involve brute force cracking or the use of lost or stolen credentials.” Don’t give your 401(k) key to cybercriminals.
- Never change your account based on an email or phone call, especially if it urges you to take immediate action. Contact your financial service provider or your company directly-it should have multi-factor authentication, automatic account lockout, and other security measures to ensure that every interaction is safe.
- When you can access the same information through direct channels, do not click on the link or attachment in the email.
- Monitor your account for suspicious activity and report any violations immediately.
Cybersecurity sometimes seems to be an abstract issue to employees—they tend to see it as an issue that should be reserved for IT professionals and other experts. But all the above strategies apply to any employee, no matter how technically inclined they are. Realizing that their retirement accounts-the product of decades of hard work and savings-are at risk should be enough to motivate them to realize the importance of cybersecurity.
Matt Lindley is the COO and CISO of NINJIO. He has more than fifteen years of experience in the cyber security field.Before joining NINJIO, Matt was the CEO of REIN Cybersecurity, LLC., Senior Technical Manager and Director of Security Services at Cal Net Technology… View full bio