Cyber safety: Employer and employee best practices to protect EBP assets
Cybersecurity was one of the topics presented by our Employee Benefit Plan Services group during the webinar: The (other) Es of EBP: Exposure, Expectations & Errors on July 10, 2025. Watch the recording.
Cyberthieves view the $14 trillion held in Americans’ retirement and welfare plans as a prime target.
Employee benefit plan administrators are charged with protecting these assets. Even minor errors by individuals within or outside the organization can provide cybercriminals with access to sensitive information, including retirement accounts.
Fraud losses continue to rise, with risks emanating from multiple sources. While protection requires investment, fixing a breach is far more costly.
Employers and their employees can safeguard retirement assets by consistently following a few essential best practices.
The benefit plan threat landscape
Benefit plans encounter threats in three key areas: retirement accounts and assets, sensitive data, and new tactics developed as cybercriminals evolve.
Typically, cybercriminals use stolen or compromised credentials to gain entry. They sneak in through:
- Weak or reused passwords: When someone reuses the same predictable password across accounts, cybercriminals are sure to find it.
- Lack of multifactor authentication: Fewer layers of verification give cybercriminals easy entry.
- Malware: A single inadvertent click can infect devices with malicious software.
Cyberthieves also gain access to accounts and systems through these scams:
- Phishing: Scam emails mimic legitimate sources, urging users to click links or enter information. Watch for altered addresses or odd requests.
- Smishing: Fraudulent texts mirror real organizations, urging urgent action with suspicious links. Their urgency and odd links are red flags.
- Vishing: Fraudulent phone calls that often pose as scam alerts.
For phishing, vishing, or smishing, the most effective response is to disregard the message. Mark suspicious emails as spam or block scam phone numbers.
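The advice above to "watch for altered addresses" can be turned into a routine check. The following is an added example, not code from the article or from Boyer & Ritter: it parses the sender domain out of an e-mail From header and flags domains that impersonate a trusted one by homoglyph substitution (examp1e for example), by appending the trusted name to an attacker-controlled domain, or by being within a couple of edits of it. The trusted domains, the homoglyph table and the sample headers are all constructed for illustration.

```python
"""Flag lookalike sender domains in e-mail From headers (added example)."""
import re

# Constructed allowlist: domains the plan sponsor legitimately hears from.
TRUSTED_DOMAINS = {"example-recordkeeper.com", "example-plan-sponsor.org"}

# Constructed table of characters and digraphs commonly swapped in to imitate
# a real domain name (order matters: digraphs before single characters).
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

# An untrusted domain this close (in edits) to a trusted one is flagged.
# Keep this small: for short trusted domains a large value flags legitimate neighbours.
MAX_EDIT_DISTANCE = 2

# Matches "user@domain" with or without the angle brackets of "Name <user@domain>".
_ADDR_RE = re.compile(r"<?([^<>\s@]+)@([A-Za-z0-9.-]+)>?\s*$")


def sender_domain(from_header: str):
    """Return the lower-cased domain in a From header, or None if there is no address."""
    m = _ADDR_RE.search(from_header.strip())
    return m.group(2).lower().rstrip(".") if m else None


def normalize(domain: str) -> str:
    """Collapse common look-alike substitutions so 'examp1e' compares equal to 'example'."""
    out = domain.lower()
    for fake, real in HOMOGLYPHS:
        out = out.replace(fake, real)
    return out


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with the standard two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str) -> str:
    """Classify a From header as 'trusted', 'lookalike', 'unknown' or 'unparseable'."""
    domain = sender_domain(from_header)
    if domain is None:
        return "unparseable"
    for trusted in TRUSTED_DOMAINS:
        # The trusted domain itself, or a real subdomain of it (mail.trusted.com).
        if domain == trusted or domain.endswith("." + trusted):
            return "trusted"
    for trusted in TRUSTED_DOMAINS:
        # Trusted name embedded in an attacker-controlled domain (trusted.com.evil.net).
        if trusted in domain:
            return "lookalike"
        # Same name once look-alike characters are undone, or only a few edits away.
        if normalize(domain) == normalize(trusted):
            return "lookalike"
        if edit_distance(normalize(domain), normalize(trusted)) <= MAX_EDIT_DISTANCE:
            return "lookalike"
    return "unknown"


def scan_headers(from_headers):
    """Return a list of (header, classification) pairs for a batch of From headers."""
    return [(h, classify_sender(h)) for h in from_headers]


if __name__ == "__main__":
    # Constructed sample From headers, not real messages.
    samples = [
        "Plan Team <notices@example-recordkeeper.com>",
        "alerts@mail.example-recordkeeper.com",
        "support@examp1e-recordkeeper.com",
        "support@example-recordkeeper.co",
        "billing@example-recordkeeper.com.evil-example.net",
        "friend@gmail.com",
        "no address in this header",
    ]
    for header, label in scan_headers(samples):
        print(f"{label:<11} {header}")
```

A "lookalike" verdict is a reason to quarantine or to verify through a known-good phone number, not proof of fraud; the "unknown" bucket is where ordinary outside mail lands, and the edit-distance rule should stay tight so that short legitimate domains are not flagged against each other.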
EBP case study: In 2017, Great-West Financial lost $1–2 million after scammers used real participant data to make unauthorized withdrawals.
Types of cyberattacks
Cybercriminals have two favorite tools for worming into retirement plans – ransomware and data breaches. They are also learning to use AI effectively.
- Ransomware: Enables cybercriminals to seize data and demand payments, resulting in costly downtime. In 2024, average payments reached $2 million, and shutdowns lasted 24 days or more.
- Data breach: Hackers steal personal data from large databases to sell or open accounts. Breaches can occur via cyberattacks, phishing, or third-party vendors.
- AI and deepfakes: AI enables convincing scams, using realistic messages and images. Deepfakes create lifelike video or audio from trusted figures.
EBP case study: The 2023 MOVEit attack exposed 94 million people’s data, including 769,000 CalPERS retirees, and led to litigation over security failures.
Best practices: Steps for EBP cybersecurity
As cyberattacks increase in number and sophistication, EBP administrators must develop precautions from two perspectives: as employers and among employees.
Employers should:
- Document the plan’s cybersecurity program: Key elements include annual risk assessments, third-party audits, clearly defined security roles, strong access controls, and more. For best practices, visit the U.S. Department of Labor’s Employee Benefits Security Administration.
- Conduct due diligence on providers: Check for security practices, audits, past breach management, vulnerability fixes, and customer protection guarantees.
- Meet with service providers: Invite service providers to annual committee meetings and ask specific questions about cybersecurity, such as how they handle incidents.
- Train staff and participants: Provide cybersecurity education to employees and plan participants on the latest cyber and fraud prevention best practices.
The first line of defense in an organization’s cybersecurity is its people. Continuous training should teach employees to:
- Establish strong login credentials: Create unique login identities and passwords or passphrases. Stress that using a single password endangers personal and company accounts.
- Use multifactor authentication: Extra levels of security provide deterrence by encouraging cybercriminals to move on.
- Secure mobile devices: Encourage users to verify that social media sites and apps are genuine, and to protect devices with passwords and facial recognition. They should download apps only from trusted sources.
- Be wary of scams: Train employees to spot phishing, smishing, vishing, and deepfake scams. Remind them to verify all communications, even if they appear genuine.
After a cyberattack: Controlling the damage
Even those who take the strictest precautions can become victims. When cybercriminals attack, take these steps to regain control:
- Report the incident to the FBI’s Internet Crime Complaint Center (IC3) and Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA).
- Contact major credit bureaus—Experian, TransUnion, and Equifax—to place a freeze on credit. This action prevents criminals from using stolen information to obtain loans or credit cards in the victim’s name. Credit freezes can be temporarily lifted for legitimate needs.
- Hire a credit monitoring company, such as LifeLock.
- Keep a company contact list that includes the attorney, accountant, insurer, and others who should be notified in the event of an incident.
Bottom line
Trust is at the heart of successful employee benefit plan administration. Organizations must proactively safeguard their assets and identities against constantly evolving cyber threats. Boyer & Ritter’s EBP Services Group stands ready to partner with administrators, offering decisive expertise to protect what matters most.
About the Author
Kimbarley A. Williams, CPA, is a principal at Boyer & Ritter LLC and is chair of the firm’s Employee Benefit Plan Services Group. Kim has over 20 years of experience providing audit, accounting and tax services to employee benefit plans, business trade associations, charitable organizations, community foundations, and closely held businesses. Contact Kimbarley at 717-761-7210 or kwilliams@cpabr.com.