Cybersecurity is one of the biggest issues in America today. We live in a world where our personal and financial information are stored electronically and we have access to them at our convenience. The downside is that there are smart people with nefarious desires hacking into large databases, including such large companies as Target and Home Depot. Given the threat, the SEC recently issued information to help individuals protect their online brokerage investment accounts
The SEC bulletin Investor Bulletin: Protecting Your Online Brokerage Accounts from Fraud outlines several tips we’ve condensed into six here:
- Pick a “strong” password. Keep it secure, and change it regularly. Use different passwords for different online accounts (i.e., brokerage, banking, retirement, or other similar financial accounts).
While it’s a pain to have different passwords and also change them regularly, it is important to do so. I keep all my passwords in a written document that I update regularly. I know there are programs to store your passwords but I am always skeptical that if I get hacked, how those passwords are safe if they are all in one place (call me paranoid). It would be good to get in the habit of updating your passwords every 90 days.
- Use two-step verification, if available.
If the brokerage allows it, use two step verification, which typically means when you sign in the brokerage, will send a code to your phone that you enter to gain access.
- Avoid using public computers and be cautious with Wi-Fi networks to access your online brokerage account.
In my mind, if at all possible, only use your home or business network to access your accounts. The SEC recommends the use of firewalls and other security mechanisms for your computer.
- Be extra careful before clicking on links sent to you.
Be vigilant – so many viruses and other bad things can happen if you click on a bad link. If you don’t know who sent you the link, don’t open. The SEC bulletin provides more specific cautions.
- Secure your mobile devices.
It is wise to password-protect your mobile devices. That way, if you lose it, no one can access the phone.
- Regularly check your account statements and trade confirmations.
We recommend to our clients that they routinely check their monthly account statements from the custodians and check trade confirmations. If something looks suspicious, contact your financial planner.
None of the above are guarantees that you won’t be affected by a cybersecurity breach, yet they are good practices to at least make it more difficult. You can’t control everything in cyberspace, but you can control the actions above.