How to Protect 401(k) Plans with Cyber Security
Jen: This is the PKF Texas Entrepreneur's Playbook. I'm Jen Lemanski, and I'm here with Michael Veuleman, Audit Practice Leader and one of the faces of PKF Texas’ Employee Benefit Plan team. Michael, welcome back to the Playbook.
Michael: Thanks, Jen. It’s good to be here.
Jen: So, Michael, with cyber security being in the forefront of companies’ minds, do they have an obligation to safeguard their employees’ data, including 401(k) plans?
Michael: So, Jen, the short answer is yes. Plan sponsors and plan administrators have a fiduciary responsibility to protect the plan information and make sure that it's secure. In the U.S., retirement assets are approaching $30 trillion, and of that, about eight trillion is defined contribution plans, and these assets are increasingly becoming targets of foreign hackers.
Jen: So, what are some ways that companies can be exposed?
Michael: Well, Jen, the fact is most companies are just not fully prepared to sustain a sophisticated cyberattack. Plan sponsors and administrators contract with third-party administrators—we call TPAs. These TPAs allow access to many different people involved in the process. Some obvious examples of this are your HR department, your payroll clerks and even your corporate and plan auditors.
Jen: Interesting. So, are there ways that they can help limit their exposure for the employee data?
Michael: Even in the audit process, auditors are given access to online data; mainly it's to streamline the process. What we suggest that plan sponsors and administrators do is have their employees, their third-party administrators, and their auditors change their passwords on a routine basis and also implement a dual authentication program. Also, they should ensure that the auditors do not retain the social security numbers of the plan participants in their files, and any files that they don't retain in the audit file should be deleted. And then lastly, they should have their TPA set some time period restrictions on access.
Jen: Well, good. We'll get you here to talk a little bit more about some employee benefit plan topics at another time. Does that sound good?
Michael: Sounds great.
Jen: All right. For more information about this topic, visit www.PKFTexas.com/BenefitPlanAudits. This has been another Thought Leader Production brought to you by PKF Texas, the Entrepreneur's Playbook. Tune in next week for another chapter.