Security-It's An Ongoing Concern
Cybersecurity gets a lot of attention. You may believe that your company 401(k) Plan is low on the list of fraudster targets. However, several recent court cases show that is not the case. Among other schemes, fraudsters have located copies of paper forms for Plan withdrawals, modified and submitted them, and moved participant account funds overseas for their own use; impersonated participants to gain access to their funds; and used employee information to reset passwords and gain online access to participant accounts. Security over employee and participant information is key to preventing this from happening to your Plan participants. We recommend the steps below to help secure your Plan participant information and accounts:
- Ensure HR and Payroll files (including blank Plan request forms) are maintained in a secured area. Restrict access and review those with access on a periodic basis.
- Ensure Plan-level access to Plan information is restricted, passwords are changed on a regular basis, and the list of those with this level of access is reviewed regularly.
- Communicate with 401(k) Plan participants regarding their access to Plan information. Remind them about strong password controls, not sharing passwords or PINs, and other general security controls.
- Review the security controls at the Plan service providers and payroll provider. These large organizations will often have a SOC report (Service Organization Controls report) that describes the controls in place. Some of these reports will also have testing conducted on these controls. A review of these reports can identify potential weaknesses in the controls at the provider. Review any concerns noted with the provider and consider additional controls you may put in place to mitigate these weaknesses, or consider moving the Plan to a more secure platform.
These are just a few suggested security control considerations to help protect your Plan. The Department of Labor has put together a web page with Cybersecurity tips to help employers navigate this confusing area – see the hyperlink below.
Our audit staff specialize in 401(k) auditing. We have an established process and provide regular training to our staff to ensure the overall client experience is as streamlined and simple as possible. We believe these tools and processes help our client experience to be as positive and stress-free as possible. Give us a call at 260-918-8824 if you’d like to learn more about Summit’s audit process.