As Americans approach retirement, accounts like IRAs and 401(k)s hold significant portions of their net worth. It’s important to protect your nest egg so in your golden years you can maintain the lifestyle you’ve worked so hard to attain.
How do we protect retirement savings? We do things to hedge losses like investing in bonds more and stocks less over time.
But what about hackers? My money is protected and insured, right? Not necessarily. Money in investment accounts is not FDIC protected like savings/checking accounts.
2 Basic Ways Your Retirement Account Can Be Hacked
Investment firms may not help if you don’t fulfill your security responsibilities. Vanguard’s Online Fraud Policy clearly states you will be reimbursed in the event of a hack only if you have met your security responsibilities.
7 Tips for Securing Your Online Investment Account
1. Password Manager and Multifactor Authentication
Bottom line…if you are not using a password manager like LastPass, your passwords are likely weak, probably not complex, and all too similar. Using a password manager and a complex, randomly-generated password will make your retirement account password hard to crack.
If passwords are hacked and leaked on the internet, password complexity will not matter. Enabling multifactor authentication (MFA) on investment accounts will help protect you if this happens. Use an app like Google Authenticator if your investment firm supports that. If not, SMS text message may be your only way to receive MFA codes.
Pro Tip! Be sure the password that you set for your password manager account is complex, but something you can remember. Also, enable multifactor authentication on your password manager account. After all, these are the keys to the kingdom.
2. Protect Your Email Account
What does my email account have to do with protecting my retirement account?
For most online accounts, clicking the “Forgot Password” link at login will send you an email with password reset instructions. If hackers gain access to your email account, they can reset passwords for all your accounts.
Use the same techniques listed in step 1 to protect your email account.
3. Don’t Trust Emails or Phone Calls from Financial Institutions
In general, never trust random email or phone communication asking for sensitive information or money. You never know if they are real, or malicious attempts to phish information from you.
If you receive an email or phone call from your financial institution, document the reference number from that communication. DO NOT give them ANY information. DO NOT trust information they provided through email or over the phone. This includes phone numbers, email addresses, and website links.
Call the customer service number listed directly on your financial institution’s website, and provide them with the reference number. If they have a record of the reference number, the communication was legit.
4. Avoid Using Public WIFI and Computers to Access Financial Accounts
Only trust networks and computers that you know. Using a public network allows others with malicious intent on that same network to monitor your activity and obtain credentials.
Do not trust computers that are not yours (hotel lobby, library). Who knows what kind of information-stealing malware may be installed on them?!
5. Protect Your Computer and Devices
Hackers try to exploit vulnerabilities on devices. Keeping your devices malware-free and installing current, suggested updates will help prevent hackers from stealing your investment account login information.
Three basic ways to protect your device:
- Enable device firewall
- Install security software
- Update device operating system
6. Set Up Notifications
It’s important to be notified any time there is activity detected or changes made to your investment account.
These notifications will keep you informed in the event of unauthorized activities like fund withdrawals, or changes to the mailing address.
7. Login and Check Accounts Regularly
Perform monthly routine maintenance on the security of your account by checking the following:
- No unauthorized transactions
- Balance is correct
- Notifications are still active
- Multifactor authentication is still enabled
- Password has been changed recently (at minimum, every 180 days)
Don’t Be the Weak Link
“Companies spend millions of dollars on firewalls, encryption, and secure access devices and it’s money wasted because none of these measures address the weakest link in the security chain: the people who use, administer, operate, and account for computer systems that contain protected information.” – Kevin Mitnick, world renowned ethical hacker
You likely have an alarm, keys and insurance for your car. You also may have a safe, insurance and routine maintenance for your jewelry.
We live in a world where some of our most important assets are digital. Take it upon yourself to protect those assets so you are not the weak link.
Matt Fields is a Technology Strategist and Managing Member of Fields Technologies, LLC, a full-service technology firm focused on Cybersecurity Compliance, Managed Services, and Technology Consulting. His involvement in IT Operations, Information Security, Compliance and Assurance has been extensive throughout his career. His experience includes the implementation and management of solutions for complex enterprise IT environments, Sarbanes-Oxley (SEC), NISPOM (DoD), DFARS 252.204-7012 (DoD), NIST 800-171 (DoD), and 21 CFR Part 11 (FDA).