Information security and your organization’s retirement plan
Security is a real concern for you and your employees and for companies like Principal® that manage data and financial accounts. That’s why we work together to help safeguard information and account access.
Three things you can do today to help your employees and yourself
1. Encourage online retirement account access
You may think it’s safer to avoid online account access and transactions, but it’s just the opposite.
For example, when employees set up their Principal retirement accounts online, they set a unique password and activate an extra layer of protection called “2-factor authentication.” Not establishing online access may leave the door open for someone else to do it. That’s a big risk that’s easy to prevent. Plus, logging in to their account and enabling 2-factor authentication may not only help protect their retirement account; it is also one of three easy steps to make their account eligible for the Principal customer protection guarantee.
Other things participants can do to help ward off cybercriminals include 1) setting up their retirement account to receive transaction updates via text messages, and 2) keeping their contact information up to date.
2. Document your retirement plan security policies and procedures
Show that you have a prudent process in place. If you’re a retirement plan fiduciary, you have responsibilities related to the security of employees’ personal and financial data. And if you’re like your peers, you may be paying more attention to cybercrime. Put in writing what you’re doing to protect the data and financial assets of the retirement plan.
Here's a data security prudent process template (Word) for you to use.
3. Monitor providers and vendors
It’s important that the companies you work with have comprehensive security programs. That includes retirement plan service providers like Principal, your financial professional, and your third-party administrator, if you work with one. You should find out how they process data and protect personal and account information. Principal would be happy to tell you what we’re doing every day to help keep your data secure.
Check out a list of data security questions (PDF) to ask a provider
How do retirement plan recordkeepers help protect customer and account information?
In the retirement industry, there’s a focus on many aspects of security. Here are some examples of what we do.
- Third-party verification. Checks and balances are important. An independent auditing firm reviews and evaluates our data security controls on an ongoing basis and publishes its findings in a System and Organization Controls 2 (SOC 2) report. The report covers controls related to security, confidentiality, and availability of customer data. It confirms we’re helping fiduciaries meet their responsibilities.1
- Customer protection. Security requires teamwork, and we encourage our customers to help keep their account access secure. For retirement plan customers, we offer a customer protection guarantee. If they take three steps to protect their employer-sponsored retirement accounts and there’s unauthorized activity, we’ll reimburse the accounts.2
- Online account security. Companies can help by requiring two-factor authentication and strong passwords. DALBAR, a financial services research firm, recently reviewed retirement plan providers’ requirements for plan participants’ passwords, and Principal ranked number two.4
- Secure phone transactions. While many customers rely on websites, many still like to handle transactions over the phone. Our call centers rely on diligent processes and technology to help prevent fraud.
Put retirement plan security on your to-do list
Make sure your employees understand the importance of online account access. You can share an online security article to give tips for strong passwords and account protection.
If Principal is your organization’s retirement plan service provider, you can find the SOC 2 report in the Reports section of the secure Employer website.
Principal supports and is a member of the Cyber Readiness Institute. The Cyber Readiness Institute website provides free online resources to help small- and medium-sized businesses become cyber ready.
1 The SOC 2 report is for DC, DB, ESOP, and governmental 457 plan clients.
2 Employer-sponsored retirement plans are defined benefit or defined contribution (including employee stock ownership plans). The guarantee is effective for unauthorized activity that occurs on or after Aug. 10, 2017, and after participants have active 2-factor authentication. Some exclusions apply. See the details.
The subject matter in this communication is educational only and provided with the understanding that Principal® is not rendering legal, accounting, investment advice or tax advice. You should consult with appropriate counsel or other advisors on all matters pertaining to legal, tax, investment or accounting obligations and requirements.
Insurance products and plan administrative services provided through Principal Life Insurance Co., a member of the Principal Financial Group®, Des Moines, Iowa 50392.