
Be Careful of Calls Regarding Your 401k Plan

Published by Kim Moore on Nov 26, 2021 6:00:00 AM

As the Plan Administrator for your 401(k) Plan, you have access to and control a great volume of sensitive personal information concerning your Company, the 401(k) Plan and, most importantly, the participants in the Plan. This information would be very valuable to hackers, fraudsters and others who could use it for nefarious purposes. Because each 401(k) Plan requires the filing of a Form 5500, which becomes public information on the Department of Labor EFAST website, we recommend you be very careful with requests for information regarding your 401(k) Plan. The filing includes an individual's name and phone number at your company, which gives those wanting to gain information about your Plan easy access.

We recommend you take the following approaches to ensure the data is safeguarded:

  • Periodically review the individuals with access to plan data. Ensure that when personnel changes are made, access is modified accordingly. Review password standards with all employees who have access to Plan data and ensure the passwords are periodically changed. Do not grant access to anyone who does not have a business need to view the data. Remember that even the ability to view the data poses a risk.

  • Ensure your staff understands that no employee or participant information can be shared via unsecured e-mail. If any reports need to be provided with participant names, social security numbers, etc. included, they must be shared directly on a secured portal, via an encryption tool or through another secured mechanism. Sending sensitive personal data via e-mail is extremely risky for your organization.

  • Be careful not to click on any links coming to your e-mail or respond to someone via e-mail unless the message comes directly from your assigned representative at the service providers (payroll, 401(k) TPA or record-keeper) that you use. Fraudsters have become very clever at mimicking the large providers, and it's difficult to tell a legitimate e-mail request from a fraudulent one. To avoid problems, never share confidential information using e-mail.

  • Lastly, you will receive calls from salespeople and others wanting to work with you on aspects of your 401(k) maintenance and administration. Be careful not to share information with these callers until you have verified their identity and have decided to establish a formal relationship with their organization. This is another way that fraudsters can work to gain information about your Plan.

It is critical to protect the data in your 401(k) Plan, and your participants are counting on you to ensure the confidential information that they have shared remains private. Please review the above steps to help maintain the security of your Plan and the vital information contained within the Plan records.

At Summit CPA we specialize in retirement plan audits. If you would like to discuss our audit process in more detail or need an audit, contact our office at (866) 497-9761 to schedule an appointment. We can help you navigate the world of the 401(k) audit as proficiently as possible. We also offer off-site assistance and flat-fee pricing so there are no surprises when the job is complete.