Mary Beth’s Corner

Cybersecurity Within The Retirement Industry

General
November 23, 2022

When asked why he robbed banks, a well renowned bank robber by the name of Willie Sutton answered, “because that’s where the money is.”

Today, instead of robbing physical banks, thieves have sharpened their skills and honed in to “where the money is” – your retirement plan. It is estimated that cyber-attacks happen every 44 seconds throughout the day, leaving your hard-earned savings susceptible to fraud.

Risky Business

A key part to avoiding cyber-attacks is knowing where and what to look for. Identifying and monitoring high risk areas within your systems will decrease the likelihood of cyber fraud. Below are the top 3 most common cyber-attacks within the retirement industry.

Malware – There are different forms of malware that are designed to extort the victim in some way, the most notable being ransomware. Ransomware is used to encrypt the victim’s files and ask for a monetary sum for the decryption key.

Phishing – The most common form of cyber-attack due to the ease and rising effectiveness. These attacks are usually in the form of an email where the attacker tries to trick an unsuspecting victim into handing over valuable information, such as passwords, credit card details, intellectual property, etc.

Man-in-the-middle attacks (MITM) – Where an attacker intercepts communication between two parties to spy on the victims, steal personal information or credentials, or alter the conversation in some way. Victims to these attacks are becoming less common due to email and chat systems using end-to-end encryption, but still seen within the workplace.

For more information on other forms of cyber-attacks and how to prevent them click here.

Best Practices for Plan Sponsors

As a plan sponsor there are a few preventative tools you can utilize to be proactive against cyber fraud while partnering with My Benefits.

Leverage your Retirement Plan Investment Recordkeeper – Asset custodians have invested millions of dollars to help protect your plan assets from cyber thieves. As such, your best course of action is to always start a participant transaction directly through your retirement Plan’s investment recordkeeping provider’s participant services support desk or participant website. For access to your service provider’s support teams, click here.

DON’T USE DIRECT EMAIL: Send Documents Securely through Plan Sponsor link/ Sharefile – When sending sensitive data to and from your retirement plan partners, ask for access to a secure file exchange portal. As a client of My Benefits, you can send files through our secure file exchange by visiting our website and clicking “My Benefits Sharefile” in the header.

Turn On Two-Factor Authentication – Implementing two-factor authentication on your devices is a great first step to enhancing your cyber security. For increased security, try multi-factor authentication methods.

Use a Password Manager – There are many different password managers varying by price and likability that you can utilize throughout your organization. No matter which you choose, a password manager’s main goal is to securely store passwords, logins and digital records – bridging the gap between security and convenience.

If you or someone you know suspects or has been a victim of cyber fraud it’s important to act quickly and engage counsel, utilize cyber insurance or cyber covered services and perform an analysis to find the root cause.

My Benefits is committed to helping prevent cyber fraud from occurring to you and your retirement plan participants, but it takes a collective effort from all parties to protect our village. Let’s all work together to keep the Willie Sutton’s of the world from attacking us.