Takeaway: DC plan sponsors and other organizations should be careful to remind employees and plan participants of proper cybersecurity practices in a time of increased cyber vulnerability.
Background: With much of the U.S. workforce engaging in social distancing and isolation best practices, we have seen a shift to working remotely at an unheard-of pace. Additionally, there is a significant appetite for information about the novel coronavirus (COVID-19) and turmoil within financial markets. Recordkeepers have reported an increase in participant inquiries of 20%-30%, and they are working to provide relevant messaging to participants on the evolving situation.
These two factors have produced an explosion of exploitable targets for hackers. Unfortunately, this comes at a critical time, when online systems are more important than ever for facilitating work and maintaining productivity. There have been numerous reports of increased activity by cybercriminals and fraudsters, and in many cases their targets are new websites that are being rapidly created to disseminate information about COVID-19. Clicking on unfamiliar links can potentially lead to increased risk of malware being introduced to a network or phishing attempts to solicit personal information, and hackers are using these websites as points of attack.
Callan is participating in regular briefings on these risks conducted by the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) and Federal Emergency Management Agency (FEMA), and we will share episodic updates as appropriate.
Targeted guidance regarding how to protect your organizations from increased cybersecurity risks associated with COVID-19 is available at https://www.cisa.gov/coronavirus.
Bottom Line: Cybersecurity best practices are more important in this moment than ever, and there are resources for employers and best practices available from the Department of Homeland Security. Retaining functioning and secure networks is both more difficult and more critical at a time when a significant portion of the workforce has rapidly shifted to working from home. It is of particular importance at this time to document and follow a prudent process regarding steps taken to secure retirement plan data.