Self-directed retirement plan administration involves sharing sensitive personal and financial information. Taking basic precautions significantly reduces the risk that information is intercepted or misused.
Email is not a secure channel. Do not include Social Security numbers, account numbers, or other sensitive identifiers in the body of an email or as an unencrypted attachment. This applies to emails sent to us, your bank, or any other service provider.
When sensitive information needs to be exchanged, use a secure web form or an encrypted file transfer service. Self-Directed Plans uses secure platforms for this purpose. Please take advantage of them.
Use a different password for every financial account, and make each one a mix of letters, numbers, and symbols. Reusing passwords means a breach at one site can expose all accounts that share the same credentials.
A password manager is the most practical way to maintain strong, unique passwords without having to memorize them. Enable two-factor authentication or passphrases on every financial account that offer these enhanced security features.
Phishing attacks often impersonate companies you already do business with. Before clicking a link in any email, hover over it to verify the destination URL matches the sender's domain. If something looks off, go directly to the website rather than following the link.
No reputable company will ask you to provide sensitive personal or financial information by email. If you receive an unexpected request of that kind, treat it as suspicious and verify by calling a number you already have on file, not one included in the message.
Log in to your financial accounts on a regular basis and review recent activity. Catching unauthorized activity early makes it significantly easier to address. A monthly review is a reasonable habit; quarterly at minimum.
How does Self-Directed Plans handle my personal information?
We use secure platforms for the collection and exchange of sensitive information during plan setup and administration. We do not request sensitive information by email, and we do not share your information with parties outside of those directly involved in your plan administration. Once your plan is set up, we purge sensitive information that is not specifically needed to support the ongoing relationship.
What should I do if I think my account information has been compromised?
Contact your bank and IRA Resources immediately to flag the account and prevent unauthorized transactions. Change your passwords across any accounts that may share the same credentials. If you believe your Social Security number has been exposed, consider placing a credit freeze with the major credit bureaus.
This information is provided for educational purposes only and should not be interpreted as tax, legal, or investment advice. Readers are encouraged to consult a qualified professional who can offer guidance based on their personal situation.