Complete Guide To Corporate Finance

The Business Finance Guide

Let’s say a small business decides it’s time to start offering a 401(k) retirement plan to employees. The business owner contracts with his online payroll service provider to handle everything, including setting up the plan with an administrator/advisor. Should there be any concerns other than making sure the payroll vendor enrolls all eligible employees correctly? Absolutely. Security should be at the top of the list.

Small business payroll companies offering 401(k) plans represent just a small fraction of the total number of companies involved in the investment industry. As such, they are also record keepers tasked with the responsibility of keeping worker data safe against cyber threats. But according to Investment News’ Greg Iacurci, not enough attention is being given to cyber security among record keepers.

Iacurci explained in a July 18, 2016 piece that 401(k) plan administrators and advisers had not made a real effort to inquire about security among their record keepers in the past. That’s not to say that these companies are at a substantially higher risk of data breach, but just that no one really knows because few people have asked. This needs to change. When big-name companies in the financial services sector are being attacked with impunity, every online payroll provider that also offers a 401(k) plan is at risk too.

A Significant Risk to Workers

Establishing 401(k) plans requires payroll companies to gather and store a tremendous amount of personal information from members. In addition to names and contact information, record keepers also have to collect Social Security numbers, dates of birth, and transaction-related information that can include both bank account numbers and the account numbers of the actual 401(k) plans.

All of this information combined could allow hackers to wreak havoc on unsuspecting workers whose data is breached. Just imagine what could be done with a name, Social Security number, bank account number, and 401(k) account number. An unsuspecting worker could be robbed blind without ever knowing what hit him. Only when all of his accounts were drained to nothing would he be the wiser.

The fact is that cyber security should be as much of a concern to record keepers in the retirement plan industry as it is to banks, credit card companies, and retail operations. You could argue that it’s even more important given the total volume of information stored and used for investment purposes. The potential risks are scary if nothing else.

Standards Are on the Way

Iacurci says that the SPARK Institute, an industry trade group for record-keeping and consulting, is now working on standards and best practices to improve data security. He explains that the Institute hopes to be able to work with a third party that could take the standards they develop and make sure record keepers are implementing them.

Developing robust security standards is a good first step to reducing the risk of security breaches related to 401(k) plans. Along with standards, payroll service providers and other record keepers should also be employing common-sense network security strategies to keep data safe. They owe at least that much to their clients and the workers they employ.

Working to create a more secure data environment will serve the dual purposes of protecting employees and making 401(k) plans offered through payroll services more attractive. A company that can rely on its payroll service provider to also securely handle a retirement benefit is a company that has one less headache to worry about. Let’s hope that the SPARK Institute can get security standards in place before we see a significant breach of 401(k) data.

