Don’t let retirement accounts be a target for hackers

July 7, 2015

NEW YORK (7/7/15)--Don’t assume retirement accounts are safe from hackers just because they’re insured by the National Credit Union Administration or the Federal Deposit Insurance Corp. (FDIC). Hackers are poised to move from retailers to financial institutions, and retirement accounts are squarely in their crosshairs (DailyFinance June 25).

The recent attack on the Internal Revenue Service is a stark reminder that financial and personal information can be stolen in more ways than at an ATM or gas pump. The IRS hack was accomplished using personal data--such as Social Security numbers--that was stolen in previous breaches.

Individual retirement accounts (IRAs) and 401(k) accounts make attractive targets for hackers because they likely aren’t as frequently checked as credit card and checking accounts. A hacker can empty an account in minutes, and finding the hacker can take weeks, if not longer.

The NCUA or FDIC insurance on retirement accounts only comes into play if the financial institution fails. Recently, however, some larger mutual fund companies have added two-factor authentication to access online information and will reimburse funds taken from an account in an unauthorized transaction.

Don’t make it easy for cybercriminals. Here’s how to protect yourself:

  • Use strong passwords. Passwords remain the weakest link for data theft. Avoid personal information such as birthdates, pets’ names or information that can be found on social media;
  • Use multifactor authentication.If it’s available, take advantage of it. Some retirement account providers will text a code to your smartphone before you can log in;
  • Check accounts frequently, at least once a month. Check for any changes. A small change can indicate a bigger issue--investigate it;
  • If your browser gives you the option to remember your password, say “no.”Click the option to “don’t ask me again” to prevent an accidental “yes” someday when you’re in a hurry;
  • Shop online at trusted sites. Established providers such asPayPal and Amazon are more likely to have security policies in place than smaller sites; and
  • Use the credit instead of debit option. When given the choice as you swipe, opt for credit. Credit card fraudulent activity won’t lock up your account funds.

Any account connected to the Internet, from DropBox to retirement accounts, is susceptible to an attack. Use proper security protocol and trustworthy devices to defend against attacks on your nest egg.

For related information, read “What Will EMV (Chip) Credit and Debit Cards Mean for You?” in the Home & Family Finance Resource Center.

Other Resources

Plan It retire ready toolkit

Home & Family Finance Resource Center

Identity Theft--Who Has Your Number electronic member seminar kit

IRS Identity Protection: Prevention, Detection and Victim Assistance