Skip to main content

You are here


5 Steps to Cyber Security

Recent reports of 401(k) thefts and an ongoing concern about cybersecurity (should) have everybody on the alert. Here’s some things you, your plan sponsor clients, and their participants should check out—now.

Find Your Account(s)

It may have been a while since you checked out your 401(k) balance—indeed, many may not have ever  checked it out online. Start by tracking down the website, your user id, your password. If you haven’t done so in a while, you may have lost those credentials—or your access may have been disabled. Even if those credentials are still valid, it’s probably a good time to change them. Make sure you remember those account(s) at previous employers’ 401(k)s that you may have left “behind.” 

Oh, and it will be less frustrating if you don’t do this on the weekend. In my experience, few offer customer service support then, and if you need help getting on, you’ll need some help.

You might also find that it’s a good time to consolidate those 401(k) accounts so that your “check up” can be a bit less burdensome in the future.

Make Sure ‘They’ Can Find You, Too

Addresses change, phone numbers too. You’ll want to make sure that your contact information is up to date. That old work email address probably doesn’t work anymore, either—make sure those “old” 401(k) accounts know where you are.

Change the ‘Locks’

Chances are the last time you logged into your 401(k) account, you were told to come up with a password that was a combination of so many letters and characters you lost count. You may have been prompted to come up with answers to a handful of seemingly random “security” questions (what was  your first concert, after all?). You may have been asked if you wanted something called “multi-factor” authentication (for example, you might be asked to enter a code that is sent to a phone or email account that you have previously authorized). And, if you logged in from a different device (smartphone, or even a different browser), you may well have been asked to confirm that as well.

Frustrating as that series of hurdles can be if you are in a hurry, they’re all designed to stop, or at least slow, someone hacking your account. So, change your password regularly, use a password manager to help you keep up with passwords no human brain could possibly be expected to retain, and definitely go with multi-factor—because when someone who isn’t you accesses your account, you want to know it before  they get in. 

Check Your Beneficiaries

One of the most common areas overlooked is that of beneficiaries—the folks that you want to receive your account balance if you’re no longer “here” the receive them. This is so critical that the Plan Sponsor Council of America focused its recent 401(k) Day campaign on the topic. 

The default assumption if you’re married is your spouse (if you want to designate someone else you’ll need their acquiescence), but—like addresses, spouses have been known to change, children have been known to come along, children have been known to marry individuals that wouldn’t be your first choice, and life situations change. I actually had a situation where my beneficiary designation was (apparently) “lost” during a provider change.  

You’ll want to make sure that who’s on record as your beneficiary is current because things change—and the plan administrator will almost certainly distribute benefits to the person(s) you’ve designated—regardless of “circumstances.” 

Get a ‘Ready’ Read

Oh, and while you’re at it—you might want to check out your retirement readiness—how much you’ll need to retire comfortably, and how close your savings and other assets are to making that a reality. 

That might, in turn, not only provide you with good insights as to how much you need to be setting aside—but provide a sense of comfort as you work with your advisor/investment professional. 

It’s important that your savings be secure, after all—but ultimately you need them to be… enough.