March 16, 2021

New Orleans      If you are lucky, maybe you have a bit of savings for your retirement, like a 401(k) plan. Maybe if you are really lucky, you worked for an outfit that actually put some money into that plan or matched your contribution. Maybe if you were super lucky you worked for a legacy company that actually provided you an employer-provided retirement fund or pension. Check any of these boxes and you are likely hoping and praying it will be enough to go with some Social Security and keep you housed and fed when you can’t work anymore. That’s a small comfort and means you don’t have to worry as much.

That is until you read that the Government Accountability Office is so worried about the loose and sloppy way that fiduciaries, third-parties, and employers are handling cybersecurity in individual retirement accounts where $11.3 trillion are amassed and 401(k) type accounts holding $9.3 trillion that they have begged the Department of Labor to come up with better protections against cyber robbery. Pretty much they are warning that those giant nest eggs are sitting ducks for hackers, whether from cash-poor nation states like North Korea and Russia, or freewheeling individuals looking to make big bucks.

This warning jumped to my attention because I’m in post-traumatic shock having just finished reading Nicole Perlroth’s, This Is How They Tell Me the World Ends: The Cyberweapons Arms Race. She mentions that computers are hacked in the US every thirty-nine seconds, and it hits you like a brick. The world is all networked now. The tactics and strategy of modern statecraft and war are rooted in deep and dangerous cyberattack potential from downing aircraft to destroying power grids. This is not a be “scared of the boogeyman” thing. Perlroth goes from one documented case after another where this has pretty much already happened. Worse, some of this mess has come from US-designed cyberwarfare tools that we didn’t protect, that were hacked and stolen, and are now being used against us and others.

I’m not trying to scare any of you, but your 401(k) may be the least of what we all need to worry about. Serious reforms on our cyber lives are needed pretty much needed across the board in order for us to even pretend that some DOL regs here or there is actually protection. A GAO warning to the DOL is a lot like pretending just thinking about wearing a raincoat might protect you in a hurricane.

There are little things we can do, like use longer and more distinct passwords and the like, but the big things involve governmental and corporate action that puts our security at the top of the stack rather than as an afterthought on the latest code, application, or gadget once it seems to work. Until that happens, there’s no end of worries, because we are living in a world of hurt.