You probably know that savings accounts up to $250,000 are protected by the federal government. And you probably know that if someone else uses your credit card, you are liable only for the first $50 they spend.
But, as if there weren't enough to worry about these days, the $20.6 trillion Americans hold in 401(k) and 401(k)-like accounts generally doesn't have similar security guarantees. And cyber theft of these assets is increasing.
The federal government's Government Accountability Office (GAO) asked the Department of Labor on Monday to tighten the rules to protect your money and personal information such as Social Security numbers, dates of birth and bank account numbers. The Department of Labor regulates 401(k) and other popular retirement plans.
Cyber thieves always seem to be one step ahead of the good guys, and GAO said participants' data and assets will continue to be at risk until better technical and legal protection is in place for investors. The GAO report called it "imperative that prevention and mitigation efforts by industry and government evolve to keep pace with these threats".
Retirement plans try to keep such thefts secret. The Wall Street Journal notes that little data is available on the extent of the problem. However, recent legal proceedings related to alleged thefts, and lawsuits filed by account holders seeking reimbursement of their property, have been noted.
The GAO report makes the alarming claim that, in some cases, thefts occurred within workplaces and that the perpetrators were employed by 401(k) plan sponsors.
"Cyber theft of retirement accounts is a growing problem," said Steve Silberstein, chairman of the Financial Services Information Sharing and Analysis Center (FS-ISAC), which combats cyber fraud in the financial industry, via email.
"In the US, people tend to keep a significant portion of their wealth in retirement accounts, so they are relatively high quality targets. Customers often re-use the same passwords for different accounts, increasing the likelihood that their credentials will be put up for sale on the dark internet."
Silberstein mentions another all too common problem. "Smaller record holders and third-party customers may not have a high level of sophistication when it comes to cybersecurity, especially in the fight against criminals who are constantly evolving their tactics."
Some people automatically rail against government regulations, but here's an example of how too little or outdated regulation can cost them. There is generally no such protection for 401(k) and similar retirement accounts, because the Employee Retirement Income Security Act, which governs such plans, was passed in 1974, and that leaves retiree assets at higher risk.
"Americans planning and saving for retirement should have the security of their savings, but a cyberattack can jeopardize all of that in an instant," New Hampshire senator Maggie Hassan said in a statement. "This GAO report highlights the importance of strengthening cybersecurity for retirement plans. I look forward to working with my colleagues on both sides of the aisle to implement the report's recommendations and modernize cybersecurity requirements for those who manage retirement plans."
The GAO report recommends that the Department of Labor clarify whether trustees – large asset managers who manage these trillions of assets – are responsible for cybersecurity and whether clients are aware of the potential risk of cyber theft.
What can you do to protect yourself until stricter laws and technology catch up? Silberstein of FS-ISAC offers the following common-sense tips:
• Take a close look at emails that ask for your personal information. Phishing emails often have incorrect phone numbers or bad links. If in doubt, delete.
• Do not download banking applications found on open forums. Go to the institution's website and from there use the link to the appropriate app store.
• Set up multifactor authentication (MFA) and unique usernames and passwords for all accounts: email, personal and professional social media, banking, retirement and investment accounts, health accounts, insurance accounts, and so on.
• Install updates on your computer, devices, and apps regularly.
• Give your retirement account provider up-to-date contact information and use the options to be notified in real time when funds are withdrawn from your accounts.
• Monitor accounts at least once a month for unwanted activity.
• Know how to contact the institution if you suspect attempted fraud. If you receive a suspicious text message, report it.