“Personalization Push Heightens Need for Advisers to Vet Cybersecurity” by Alex Ortolani.

As the retirement industry moves toward more personalization for participants to plan and save, the chance for bad actors to gain access to their information also increases.

FCI is seeing an alarming number of fraudsters posing as participants to obtain distributions from retirement plans, particularly defined benefit plans, which may be monitored less frequently than defined contribution plans.

Cybersecurity expert Brian Edelman cautioned that “the more nonpublic information that participants share with recordkeepers or financial advisors, the more susceptible the participants are to hackers using that information. If hackers can use the information to trick the plan administrator into making a distribution of plan assets, then they are drawing from a very large pool.”

Brian recommended asking recordkeepers and third-party administrators for evidence of a risk assessment and checking for the presence of cybersecurity controls, such as multi-factor authentication and email encryption, that prevent unauthorized system access.

His immediate recommendation: separate information-based email communications from email communications used to facilitate cash distributions, and adopt more centralized systems with embedded safety precautions instead of emails to better ensure protection of plan participants.

PLANADVISER, by Alex Ortolani