With everything from pizza deliveries to multi-million dollar deals being handled online, it should come as no surprise that hackers might target your 401(k) plan. However, security breaches don’t stop with an unknown party simply accessing your participants’ personally identifiable information (PII). Hacks can also lead to unauthorized withdrawals of funds from 401(k) plans. So, what can you do to avoid a cyberattack on your 401(k) plan? The following provides some best practices for avoiding this type of costly breach.

Who is responsible for preventing a cyber attack on your 401(k) plan?

Employers and plan administrators must meet the ERISA prudence standard. Plan fiduciaries are expected to act in the best interests of the participants. This includes acting with care, skill, and diligence like any other prudent person.

What can you do to improve cybersecurity?

To avoid a cyber attack on your 401(k) plan, consider taking the following steps.

  • Practice care in hiring third-party administrators (TPAs). Yes, you may have to hire TPAs, but make sure you carefully vet them. Your contract with a TPA should include provisions about developing and maintaining protection against cyber attacks.
  • Know where the data is stored and who is authorized to use it. Even if you have hired people to handle digital storage of sensitive data, you are still responsible for safeguarding it. Only authorized people should be able to see the data. Also, make sure your 401(k)’s data is safely stored.
  • Put security measures in place and maintain them. Make the safety of your digital data a top priority. Develop common-sense, up-to-date protocols and then enforce them.
  • Train employees. Unless properly trained, employees may not realize the need to avoid a cyber attack. Divulging information and even passwords may not seem like a big deal unless the employees realize the consequences of doing so.
  • Monitor systems regularly. If a hacker does enter your computer systems, how long will it take to recognize the leak and block it? Regular monitoring of data storage and security systems is crucial.