Information security and your organization’s retirement plan

Security is a real concern for you and your employees. That’s why we work together to help safeguard information and account access.


Security is a real concern for you and your employees and for companies like Principal® that manage data and financial accounts. That’s why we work together to help safeguard information and account access.

Three things you can do today to help your employees and yourself

1. Encourage online retirement account access

You may think it’s safer to avoid online account access and transactions, but it’s just the opposite.

For example, when employees set up their Principal retirement accounts online, they set a unique password and activate an extra layer of protection called “two-factor authentication.” Not establishing online access may leave the door open for someone else to do it. 

Other things participants can do to help ward off cybercriminals include: 1) setting up their retirement account to receive transaction updates via text messages and 2) keeping their contact information up to date.

2. Document your retirement plan security policies and procedures

Show that you have a prudent process in place.

If you’re a retirement plan fiduciary, you have responsibilities related to the security of employees’ personal and financial data. And if you’re like your peers, you may be paying more attention to cybercrime.

Put in writing what you’re doing to protect the data and financial assets of the retirement plan. Writing it down can be beneficial in a number of ways, such as making routine procedures easier to repeat. And when you put your cybersecurity plan in writing, you can use it confidently if you're asked what your policy is, because it’s already documented.

Here's a data security prudent process template (Word) for you to use.

3. Monitor providers and vendors

It’s important that the companies you work with have comprehensive security programs. That includes retirement plan service providers like Principal, your financial professional, and your third-party administrator if you work with one. You should find out how they process data and protect personal and account information. Check out all the ways we meet DOL cybersecurity guidance, including their tips and best practices.

Check out a list of data security questions (PDF) to ask a provider

How do retirement plan recordkeepers help protect customer and account information?

In the retirement industry, there’s focus on many aspects of security. Here are some examples of what we do.

  • Third-party verification. Checks and balances are important. An independent auditing firm reviews and evaluates our data security controls on an ongoing basis and publishes its findings in a System and Organization Controls 2 (SOC2) report. The report covers controls related to security, confidentiality, and availability of customer data. It confirms we’re helping fiduciaries meet their responsibilities.¹
    To see the ways we meet/exceed DOL best practices, read a summary of the robust systems we follow to help ensure confidential and sensitive data is kept safe.
  • Customer protection. We believe security is as important to you as it is to us, and we encourage our customers to help keep their account access secure. For retirement plan customers, we offer a customer protection guarantee. Our guarantee is simple: Principal® will reimburse your employer-sponsored retirement account for losses from unauthorized activity occurring through no fault of your own.²
  • Online account security. Companies can help by requiring two-factor authentication and strong passwords. We've been recognized with an award by Financial Advisor IQ for the strength of our cybersecurity and privacy standards that help keep investments secure.³
  • Secure phone transactions. While many customers rely on websites, many still like to handle transactions over the phone. Our call centers rely on diligent processes and technology to help prevent fraud.

Put retirement plan security on your to-do list

Make sure your employees understand the importance of online account access. You can share an online security article to give tips for strong passwords and account protection.

If Principal is your organization’s retirement plan service provider, you can find the SOC 2 report in the Reports section of the secure Employer website.

Principal supports and is a member of the Cyber Readiness Institute. The Cyber Readiness Institute website provides free online resources to help small- and medium-sized businesses become cyber ready.