The Employee Benefits Security Administration (EBSA) of the Department of Labor published the
following guidance for employees and their beneficiaries who check their retirement accounts
online to reduce the risk of fraud or loss. The basic rules include:

 

Register, set up, and routinely monitor your online account

  • Maintaining online access to your retirement account allows you to protect and manage your
    investment.
  • Regularly checking your retirement account reduces the risk of fraudulent account access.
  • Failing to register for an online account may enable cybercriminals to assume your online
    identify.

Use strong and unique passwords

  • Don’t use dictionary words.
  • Use letters (both upper and lower case), numbers, and special characters.
  • Don’t use letters and numbers in sequence (no “abc”, “567”, etc.).
  • Use 14 or more characters.
  • Don’t write passwords down.
  • Consider using a secure password manager to help create and track passwords.
  • Change passwords every 120 days, or if there’s a security breach.
  • Don’t share, reuse, or repeat passwords.

Use multi-factor authentication

  • Multi-Factor Authentication (also called two-factor authentication) requires a second credential
    to verify your identity (for example, entering a code sent in real-time by text message or email).

Keep personal contact information current

  • Update your contact information when it changes, so you can be reached if there’s a problem.
  • Select multiple communication options.

Close or delete unused accounts

  • The smaller your online presence, the more secure your information. Close unused accounts to
    minimize your vulnerability.
  • Sign up for account activity notifications.

Be wary of free Wi-Fi

  • Free Wi-Fi networks, such as the public Wi-Fi available at airports, hotels, or coffee shops pose
    security risks that may give criminals access to your personal information.
  • A better option is to use your cellphone or home network.

Beware of phishing attacks

  • Phishing attacks aim to trick you into sharing your passwords, account numbers, and sensitive
    information, and gain access to your accounts. A phishing message may look like it comes from a
    trusted organization, to lure you to click on a dangerous link or pass along confidential
    information.
  • Be wary of text messages or emails that you didn’t expect or that come from a person or service you
    don’t know or use.
  • Look for spelling errors or poor grammar.
  • Check for mismatched links (a seemingly legitimate link sends you to an unexpected address). Often,
    but not always, you can spot this by hovering your mouse over the link without clicking on
    it, so that your browser displays the actual destination.
  • Double-check shortened or odd links or addresses.
  • Use caution if you receive an email request for your account number or personal information (legitimate providers should never send you emails or texts asking for your password, account number, personal information, or answers to security questions).
  • Offers or messages that seem too good to be true, express great urgency, or are aggressive and scary are common signs of phishing attacks.
  • Strange or mismatched sender addresses can also be a sign of a phishing attempt.
  • Anything else that makes you feel uneasy should also be treated with caution.

Use anti-virus software and keep apps and software current

  • Make sure that you have trustworthy antivirus software installed and updated to protect your
    computers and mobile devices from viruses and malware. Keep all your software up to date with
    the latest patches and upgrades. Many vendors offer automatic updates.

Know how to report or identify theft and cybersecurity incidents

 

 

This mirrors the DOL Online Security Tips.

Prepared by the Department of Labor. 

 

 

 

You may also like

Company Stock and Your Portfolio: Keep Your Eye on Concentration Risk
Company Stock and Your Portfolio: Keep Your Eye on Concentration Risk
2 October, 2017

The opportunity to acquire company stock — inside or outside a workplace retirement plan — can be a lucrative employee b...

How Does a Retirement Plan Work?
How Does a Retirement Plan Work?
18 November, 2022

Employer-sponsored retirement savings plans, such as 401(k), 403(b), and 457 plans, present an ideal opportunity to buil...

How Does Your Employer’s Retirement Plan Compare?
How Does Your Employer’s Retirement Plan Compare?
18 April, 2019

Each year, the Plan Sponsor Council of America (PSCA) surveys employers to gauge trends in retirement plan features and ...