Running into burning buildings isn’t the only risk firefighters face. In 2024 alone, Americans lost a record $16.6 billion to online scams, and a staggering 73% of adults have experienced some form of cyber attack or scam in their lifetime. An astounding 68% of Americans get scam calls at least weekly, and 28% get scam texts daily.1 Yet despite these digital five-alarm fires, most people aren’t taking basic precautions! In fact, over 90% admit they completely skip key cybersecurity practices.2
It’s Cybersecurity Awareness Month, so there’s no better time to tighten up the security on your financial accounts. That means locking down your pension portal, 457(b) deferred comp account, and benefits websites with the same vigilance you bring to the fireground.
Your pension and benefits accounts are honey pots of personal information and financial assets. Just in the last two years, cyberattacks have hit public servant retirement systems hard. A ransomware attack on the City of Columbus in 2024 exposed firefighters’ and police officers’ personal data (names, Social Security numbers, direct deposit info) to criminals.3
The nation’s largest pension fund, CalPERS, suffered a vendor breach that stole sensitive records for 769,000 retirees.4 Earlier this year, a hack of a 457 plan administrator exposed the retirement account information of more than 48,000 public employees across multiple school districts.5 In 2020, a Colgate-Palmolive employee had $750,000 transferred from their 401(k) account after a hacker changed their details and transferred the funds to a different account.6
In short, firefighters are potential targets (and lucrative ones at that).
The Rising Cost of Cybercrime
FBI IC3 reported losses, 2020–2024 (official figures)
View IC3 Annual Reports →
Fortunately, you don’t need to be a tech wizard to dramatically boost your protection. A few straightforward steps can slam the door on most threats.
Strong Passwords and Passkeys
The first line of defense for your pension and benefits portals is the login. Over one-third of people had at least one account hacked in the past year due to poor password security.7 Weak or reused passwords are like leaving your front door open. Here’s how to fortify it:
Use Strong, Unique Passwords: Let’s start with the obvious: a strong and unique password. Make sure it’s long (at least 12-16 characters) and unique to that account. Whenever there is a password breach, hackers know that you probably use that same password for other accounts.
Even Better, Use a Password Manager: Nobody can remember 100+ unique logins. That’s where password managers come in. Tools like LastPass, 1Password, or Bitwarden create and store crazy complex passwords for you, encrypted behind one master password. Then you only have to remember one (very strong) master passphrase to unlock the vault.
Use Passkeys: Newer phones use your fingerprint or face instead of a password. Passkeys take that idea to the web. A passkey is a digital key stored on your device (phone/computer) that lets you log in with biometric verification or a PIN, no typed password needed.
Your Security Action Plan
Click each item as you complete it to track your progress
Turn On Two-Factor Authentication (2FA)
Two-factor authentication (2FA) is the security system that kicks in if your password is ever leaked. Yes, it adds 5 seconds to your login, but it can stop 99% of account hacks cold, because even if a bad actor somehow gets your password, they still can’t get in without that second factor that only you have.
Here’s how to leverage 2FA for your retirement and benefits accounts:
Enable 2FA Everywhere: Check your pension system’s website, your deferred comp (457) provider, union benefits portal, even your personal bank and email for an option to enable two-factor or “two-step” verification.
Authenticator Apps vs. Texts: Text-message (SMS) codes are the most common 2FA method – and certainly better than nothing – but consider using an authenticator app for even stronger security. Apps like Google Authenticator, Authy, or Microsoft Authenticator generate time-based codes that refresh every 30 seconds. They’re not interceptable via SIM-hacking the way text messages can be. By the way, if you use an app, make sure to safely save the backup codes the site provides in case you lose your phone.
Beware of 2FA Fatigue Attacks: There’s a scam where hackers who have your password repeatedly try to log in, sending you a flood of 2FA prompts (“Your code is…”). They hope you’ll get annoyed and accidentally approve a prompt or divulge a code. If you ever get unsolicited login codes or app approval requests, do not approve them. That’s a sign someone has your password.
Phishing, Scams, and Common Sense
Cybercriminals know that targeting humans can be easier than hacking computers. This is why phishing scams, where someone tricks you into giving up info or access, are rampant. As a firefighter, you might get less desk time than the average office worker, but that doesn’t mean you’re not on scammers’ radars. In fact, criminals often prey on first responders and public employees through clever tactics.
Phishy Emails and Texts: You might receive an email that looks like it’s from your pension administrator or a benefits provider, asking you to “log in to verify your account” or “update your direct deposit info.” It could even spoof a coworker or union rep. Always be skeptical of unsolicited emails or texts asking you to click a link or provide credentials. Check the sender’s address closely (is that really @fire.city.gov or is it @f1re.city.com?). When in doubt, don’t click. Legitimate organizations WILL NEVER ask for your password or full SSN via email. Instead, go to the official site manually or call the agency directly using a verified number.
Beware “Urgent” Requests: Scammers love urgency. “Your account will be suspended in 24 hours!” or “Action needed immediately to secure your pension!” These are red flags. Similarly, watch out for phone calls that claim to be from the IRS, a bank, or “Tech Support” saying your computer is infected. A common grift is someone calling older public service retirees pretending to be from a government agency, trying to scare them into giving up info or even payments. Always verify – hang up and call back via an official number if needed.
Trust Your Instincts: You know that gut feeling you get when something’s off on a call? Apply that to the digital world. If an email or message feels odd, or too good to be true, or overly alarming, pause. Talk to a colleague or an IT-savvy friend if you’re unsure. It’s better to be a little paranoid than to experience regret.
In Conclusion
Each of these steps is like adding another layer of protection: one might save you from a hacked account, another from a fraudulent loan, another from an ill-advised click. Combined, they make you a hard target, and hackers are more likely to move on to easier prey than tackle someone who’s locked things down tight.
Protection Red was founded to have firefighters’ backs, not only with pension and retirement planning but with holistic advice that helps keep you and your family secure. We know navigating a digital world isn’t your main gig, so let us help ensure your finances are protected in return. If you’re unsure about any of these steps or want a friendly review of your current setup, reach out for advice!
Appendix (Sources):
- Pew Research Center – “Online Scams and Attacks in America Today” (July 31, 2025) pewresearch.org
- PlanAdviser – “Most Americans Still Skip Basic Cyber Protections” (May 29, 2025) planadviser.com
- Fire Law Blog – “Columbus Firefighters Sue City Over Data Breach” (Aug 22, 2024) firelawblog.com
- Sacramento Bee via Governing – “Nation’s Two Biggest Pension Systems Report Data Breach” (June 23, 2023) governing.com
- PLANADVISER – “403(b)/457(b) Vendor Breach Exposes 48,000 Participants’ Data” (March 4, 2025) planadviser.com
- PlanSponsor – “Motion Seeks to Hold Alight Liable for Theft of 401(k) Assets” (Nov 13, 2023) plansponsor.com
- FIDO Alliance – “Passkey Adoption Doubles in 2024” (Dec 11, 2024) fidoalliance.org
- Pew Research Center – “Scam Call, Text and Email Frequency” (April 2025 survey data) pewresearch.org
