News & Views | Q1 2020
We will continue to closely monitor any and all activity related to governmental pension reform and report to you, including
recommendations for practical implementation of changes. Please consult your NFP Advisor if you have questions or would like
additional information.
For the full text of the Retirement Security and Savings Act, click here.
CYBERSECURITY
Cybersecurity is constantly evolving, and continues to be of extreme importance in protecting participant retirement plan assets.
Plan providers have invested and will continue to invest significant resources to establish tools that participants and plan sponsors can use
to help prevent breaches or other incidents that could result in loss of assets.
For participants, some of the simplest steps can provide high levels of security. For example, participants should register their
account online and establish unique security identifications, including unique, strong, and complex passwords. In addition, they
are advised to keep their anti-virus and malware protections updated at all times. Participants should be careful about what
information they post on social media; hackers can use their city of residence, employer, political opinions and other seemingly
insignificant or irrelevant pieces of information to hack into their accounts.
Participants who do not register their accounts online are particularly vulnerable to cyberattacks. Hackers have been known
to determine where there is an account that has not been registered online. Then they register the account themselves! This
has resulted in a small number of accounts having funds directed to the hacker, simply because the participant did not take
precautions to personally register their account online. Registering every account is of paramount importance.
Most providers have implemented two- or multi-factor authentication (2FA or MFA) to further improve security. These methods
require multiple steps to sign in to an account, often requiring the use of multiple devices or security questions to complete
the sign-in process. While this does provide a significant increase in security protection, some participants may find it to be
inconvenient. Yes, it may be inconvenient, but it is a small price to pay for the added security and protection of hard-earned and
responsibly saved retirement assets.
Many providers are implementing other security measures, in addition to 2FA or MFA. Often, certain elements of phone calls will
be monitored, including the caller’s voice, device or number being used to place the call, and the geographic origin of the call.
Enhanced security questions are being used to screen calls for authenticity, using information only the participant is likely to know
(e.g., former addresses or employers, and names of family members). Bank information is being validated to verify that the
retirement account owner matches the bank account owner. Finally, fraud monitoring for unusual or irregular activity is used to
identify other suspicious threats.
NFP recommends that plan sponsors engage in active dialogue with their providers to determine what security tools are being
used and any others that are available. Further, plan sponsors and providers can work together to educate employees about the
importance of account security, encouraging and helping them to take the steps necessary to protect their retirement savings.
Please let your NFP advisor know if you need help facilitating these discussions or exploring options.

