Revisiting Cybersecurity: Action Items for Plan Participants

Cyberattacks have continued recently, including one major cyberhack on Equifax, which reportedly resulted in the theft of personal information of at least 143 million customers in the United States.[1]

So, what about retirement accounts?  Can they be hacked? 

Yes. Retirement accounts are just like any other online financial account, and they can fall prey to hackers in a similar fashion. Consider the personal information that a retirement account may contain: name, date of birth, social security number, address, and, potentially, banking information. Accordingly, retirement accounts are a target for cyberattacks, and while plan sponsors can take steps to prevent these attacks – primarily in the selection and monitoring of service providers that have the appropriate safeguards in place[2] – sponsors should also educate participants regarding the steps participants can take to prevent attacks.

Consider educating participants regarding the following:

  • Remind participants about the Plan and its online features. Participants often forget about the retirement plan – particularly if it has automatic enrollment features. Remind participants that they may have previously set up online access to their retirement account.
  • Treat retirement plan accounts just like any other online account. Unlike online bank accounts that participants go to as frequently as every day or once per week, participants may have the perception that their retirement account is different. Remind participants that their online access to their retirement plan account is just like access to any other financial services account (just like a bank account). For example, participants should remember to reset passwords and PINs for these accounts on a recurring basis.
  • Remind participants to practice “computer safety.” In general, participants should update computer operating systems, browsers, and software. Consider reminding participants about safety with respect to firewalls and antivirus software. Remember that participants are likely accessing their retirement accounts both at work and at home. 
  • Assist participants in understanding heightened levels of authentication. Many service providers are heightening security in response to recent threats and attacks and utilizing features such as two-factor authentication as a result. Help your participants understand features such as two-factor authentication, voice authentication, and similar features.

The above is far from exhaustive, but it exemplifies the steps plan sponsors can take to educate participants about the risks related to retirement plan accounts as a target for cyberattacks. For additional resources for your participants, reach out to your recordkeeper, as many recordkeepers are now providing detailed communications and education for participants related to cyber best practices. For other questions about how this applies to your plan, please contact a Multnomah Group consultant.


[1] According to AARP, available at:

[2] See Cybersecurity: What Steps Are You Taking To Meet Your Fiduciary Responsibilities?, available at:

Multnomah Group is a registered investment adviser, registered with the Securities and Exchange Commission. Any information contained herein or on Multnomah Group’s website is provided for educational purposes only and does not intend to make an offer or solicitation for the sale or purchase of any specific securities, investments, or investment strategies.   Investments involve risk and, unless otherwise stated, are not guaranteed.  Multnomah Group does not provide legal or tax advice.  

Any views expressed herein are those of the author(s) and not necessarily those of Multnomah Group or Multnomah Group’s clients.
