Approximately 1 in 20 Americans have been affected by identity fraud. According to the Javelin 2020 Identity Fraud Report, approximately 13 million Americans every year face some form of identity fraud, including credit card fraud, account takeovers, and government benefits fraud.
While many individuals and organizations have become accustomed to the risk of identity fraud, the recent rise in 401(k) theft perpetrated by strangers is cause for renewed concern.
Protecting Your Retirement
Monitored less frequently and typically containing significantly more than bank accounts, retirement accounts have a distinct appeal to thieves. As thieves set their eyes on retirement accounts, which are not subject to federally imposed limited consumer liability, workers and retirees may need to take a more active role in protecting their 401(k) accounts.
Companies administering 401(k) plans attempt to thwart hackers by spending millions and constantly upgrading security measures to stay one step ahead of hackers. Despite these efforts, breaches happen and consumers lose personal information and sometimes significant portions of their retirement funds.
These companies often have reimbursement policies for theft from retirement accounts. The policies may depend on the individual’s ability to prove they practice sufficient cybersecurity.
Practicing good cybersecurity and protecting your 401(k) may begin with the following steps:
- Having an online account for your retirement fund denies thieves the opportunity to take control of your unclaimed online account.
- Actively monitor your 401(k) account by signing up for alerts and frequently verifying your information.
- Sign up for two-factor identification to deter thieves attempting to utilize stolen information.
- Check in regularly. Check your 401(k) account, including your email and street addresses, at least monthly. Sign up for text alerts that notify you of changes or transactions and use multifactor authentication, which verifies your identity by sending codes to multiple devices.
- Do not use public Wi-Fi. When used without a VPN, public Wi-Fi can be an open invitation for thieves.
- Avoid clicking links in emails, especially emails requesting personal information.
- Install software updates when available. These updates can be essential for closing gaps in your computer’s security.
- Use secure passwords. A secure password is unique to a given site and contains a mix of upper and lowercase letters, numbers, and symbols.
Cyber thieves targeting retirement accounts is a troubling development. As laws and 401(k) plans adapt to this rising threat, SDC CPAs recommends being proactive and following the cybersecurity steps above. The time it takes to practice good internet hygiene is negligible compared to the potentially devastating consequences of not doing so.