Recently, the U.S. Department of Labor’s Employee Benefits Security Administration issued cybersecurity guidance to help account holders reduce the risk of fraud within their retirement accounts. The basic rules below can help you protect your retirement assets and may serve as key reminders to remain diligent with any other online accounts you hold:
- Register, set up and routinely monitor your online account
  - Regular logins reduce the risk of fraudulent account access
  - Failing to register online may enable criminals to assume your online identity
  - Logging in regularly is a best practice to ensure you’re monitoring and managing key details, like your beneficiary designation, contribution rate, and investments
- Use strong and unique passwords
  - Mix letters (upper and lower case), numbers, and special characters
  - Use longer passwords and don’t use letters and numbers in sequence (no “abc”)
  - Consider using a secure password manager to track passwords instead of writing them down in an unsecure location
  - Don’t share, reuse, or repeat passwords, and update them regularly
- Use multifactor authentication:
  - Verifies your identity with a second credential, often a code sent via text or email
  - Make sure your retirement provider has a valid cell phone and/or email address
  - Keep personal contact information current and use multiple options (email and cell)
- Close or delete unused accounts
  - The smaller your online presence, the more secure your information
- Sign up for account activity notifications
- Be wary of free Wi-Fi
  - Public Wi-Fi in airports, hotels, etc. poses security risks that may give criminals access to your personal information
  - A better option is to use your cell phone or home network
- Beware of phishing attacks:
  - Aim to trick you into sharing sensitive information
  - May look like they come from a trusted organization to lure you to click on a dangerous link or pass along confidential info
Common warning signs of phishing attacks include:
- A text message or email that you didn’t expect or that comes from a person or service you don’t know or use
- Spelling errors or poor grammar
- Mismatched links (a seemingly legitimate link sends you to an unexpected address); you should hover your mouse over the link without clicking it to view the actual destination
- An email or text request for your account number or personal info; legitimate retirement providers should never send you emails or texts asking for your password, account number, personal info, or answers to security questions
- Offers that seem too good to be true, express great urgency, or are aggressive or scary
- Strange or mismatched sender addresses
- Anything that makes you feel uneasy
You should ensure you have trustworthy antivirus software installed and updated to protect your computers and mobile devices from viruses and malware. Keep all your software up to date with the latest patches and upgrades. Many vendors offer automatic updates.
If you do encounter a cybersecurity incident or identity theft, you can refer to the FBI and Department of Homeland Security websites for reporting incidents:
See the complete list of tips here.
Educational use only.