Cybersecurity Tips for 403(b) Accounts

Like a roaring lion, today’s cybercriminals are prowling about online, seeking whose funds they can devour. Thankfully, applying a few simple tips goes a long way in protecting your employees’ 403(b) accounts from thieves. Following are some tips shared with us by Empower Retirement, a leading expert in retirement account cybersecurity. Empower takes the business of protecting your 403(b) accounts very seriously!

4 Best Practices for Church Treasurers:

You are often the first line of defense for your church. Here are four things you can do to help protect your employees.

1. Provide Alliance Benefits with up-to-date mailing addresses for your 403(b) participants. Alliance Benefits must be the one to update addresses, but participants should regularly log-in and update their email and phone contacts.
2. When sending 403(b) forms to Alliance Benefits, we encourage you to use our secure online forms submission portal, located on our Forms page. Please do not email anything with social security numbers or other confidential data.
3. Regularly remind your employees not to fall for “phishing” attacks online, which could be used to hack their financial accounts. If one person in your office gets a suspicious email, it’s helpful to talk about it amongst yourselves to keep everyone aware.
4. If you learn that your employee has experienced a data breach or fraud elsewhere, please notify us as soon as possible so we can request Empower to put additional protections on your employee’s 403(b) account.

7 Steps to Better Security for 403(b) Participants: 

It’s your retirement future. Protect your account! Here are simple steps anyone can take:

1. Register your account on the Empower website.
2. Keep your account updated with all available emails and phone numbers (but request your treasurer to send address changes to Alliance Benefits)
3. Use a password manager (such as LastPass, 1Password, KeePass). Use a unique password for your Empower account (and for each other financial account) you don’t use elsewhere.
4. Use multifactor authentication (MFA). Yes, it may be less convenient for you – but also for a fraudster!
5. Leave MFA enabled by not clicking “remember this device.”
6. Pay attention to your security alerts.
7. Freeze your credit. This makes it more difficult for a thief to open a line of credit in your name, but it won’t affect your credit score. Simply notify the three major credit bureaus (Experian, Equifax, Transunion) that you would like to freeze your credit. You can still request a free copy of your credit score annually from each of the three bureaus, so you can look for any activity you don’t recognize.

What to Do if You Are a Victim of Fraud?

1. Notify all your financial institutions, including Empower. Empower will put additional protections on your 403(b) account.
2. Notify all three major credit bureaus (Experian, Equifax, Transunion)
3. If you used your Empower account password elsewhere, change it in all places, and immediately change all your email passwords.  

Beth joined Alliance Benefits in January 2001. In her role as Benefits Consultant, she focuses on building relationships with churches and districts, and assisting with health and 403(b) retirement plan questions. She is assigned to serve the churches and districts in the Western and Southern US, and the multi-cultural districts.