Safeguarding Your Retirement Savings from Cyber Attacks

Hackers have come up with more and more ways to hack into retirement savings accounts. They are increasingly targeting individual 401(k) accounts by impersonating the account owners so they can steal thousands of hundreds of dollars. Here’s how to help protect your hard-earned savings.

The popular 401(k) and similar workplace retirement plans hold almost $9 trillion in assets, according to the Investment Company Institute. You might think that the Labor Department would be responsible for reimbursing the funds it releases in situations of cyber breaches and attacks. But that’s not necessarily the case.

A cyber attack at any point in the chain may lead to “enormous losses” of data and retirement savings, which may ultimately lead to identity theft or “severe financial and other ramifications,” the Government Accountability Office said in a report. But it’s not yet been made clear who is responsible for safeguarding your assets.

So, without guidance of where to get help, what can you do to help protect yourself? Here are some steps that will go a long way toward keeping your retirement savings safe.

Utilize Strong Passwords

It’s important to be cautious with sensitive information, such as Social Security numbers, passwords, and addresses or phone numbers. Password managers can store or even generate secure passwords, much better than generic codes like your phone number  or “password.” 

Many people shop online, or register for subscription services and newsletters that could easily be hacked. Once you disclose that to a third party, that puts you at risk of being exposed. People can also turn on two-factor authentication, which means someone logging into the account would need to input the password and then a code sent via text message, email or phone call. 

Don’t use Text-based Verification

Two-step verification, also referred to as two-factor authentication, adds a layer of security to your online accounts. Instead of providing just a username and password to access your account, you must also provide another piece of information you have, such as a code sent to your phone via text message or an authenticator app.

This extra step makes it harder for a cyber criminal to access your retirement account, or any other account for which you set up two-step verification. But if you have verification codes sent by text message, it’s possible for a fraudster to bypass this security measure. For this reason, security specialists recommend two-step verification that relies on an authenticator app such as Microsoft Authenticator or Authy.

Don’t Log In to Your Accounts on Public Wi-Fi

Just like you shouldn’t discuss secure information on the phone while in a public place, you should also avoid using public Wi-Fi to log in to any of your accounts. 

On an open Wi-Fi network, hackers can easily gain access to what you’re typing on your computer. If you’re logging into your financial/retirement accounts, you’re essentially just handing them the keys to your assets. If you must use a non-secure public network, either use a VPN (virtual private network), or simply avoid logging in to any of your accounts while you’re out and about. 

Call Your Financial Institution Directly If You Receive a Phone Call Asking for Information

We’ve all received them, sometimes multiple times a day: Hackers have begun calling people and impersonating bank employees and retirement advisors in an effort to get them to reveal sensitive account information.

Your children may have warned you not to answer these calls, or provide these people with personal information – and they couldn’t be more right. If you’re asked to provide any account information over the phone, politely respond that you are not comfortable giving that information on the call and that you will call back and speak to your banker directly. Then, call your bank number/financial advisor number that you know is valid and ask about the suspicious call.

The same is true if you’re left a voicemail with a callback number. Always call your financial institution number that you know is valid, rather than a random number left on your voicemail.

Final Thoughts

Even if you take all of the security steps listed above to help protect your retirement account, never get complacent. The Labor Department is working on public-facing guidance for fiduciaries and service providers on securing their technology systems, but the timing and contents of the guidance are uncertain. This is why proactive planning could help reduce the cyber threat against your savings.

It’s important to not click on unfamiliar links via email or web searches and to always use the most updated software and operating systems when using  your computer or mobile device. Using an out-of-date program could mean it does not have the same security measures as the newest version, which will almost always create vulnerabilities.

At Johnson Wealth and Income Management, our team of retirement planning professionals are always here to answer any questions you may have about your accounts and their protections. For more information contact us today! 


All written content on this site is for informational purposes only. Opinions expressed herein are solely those of Johnson Wealth & Income Management and our editorial staff. Material presented is believed to be from reliable sources; however, we make no representations as to its accuracy or completeness. Investing involves risk. There is always the potential of losing money when you invest in securities. Asset allocation, diversification and rebalancing do not ensure a profit or help protect against loss in declining markets. All information and ideas should be discussed in detail with your individual advisor prior to implementation. The presence of this website, and the material contained within, shall in no way be construed or interpreted as a solicitation or recommendation for the purchase or sale of any security or investment strategy. In addition, the presence of this website should not be interpreted as a solicitation for Investment Advisory Services to any residents of states where otherwise legally permitted to conduct business. Fee-based financial planning and Investment Advisory Services are offered by Sound Income Strategies, LLC, an SEC Registered Investment Advisory firm. Johnson Wealth & Income Management and Sound Income Strategies LLC are not associated entities. Johnson Wealth & Income Management is a franchisee of the Retirement Income Store. The Retirement Income Store and Sound Income Strategies LLC are associated entities. © 2021 Sound Income Strategies.

Leave a Comment