I recently returned from a Schwab investment conference where I attended a session discussing cyber-security. It is amazing how the internet has become central in our everyday lives in such a short period of time. We pay our bills, order merchandise, check our account balances and even socialize online. We need to be diligent and proactive to protect our financial security. Every day we find ourselves relying on technology without even thinking of the potential unforeseen consequences.
I would like to encourage every investor to follow the advice from a recent SEC investor bulletin called Protecting Your Online Brokerage Accounts from Fraud. Highlighted below are the basic points from the bulletin:
- Pick a “strong” password, keep it secure, and change it regularly. A strong password is one that is not easy to guess and generally uses eight or more characters that include symbols, numbers, and both capital and lowercase letters. A strong password is not based on common words, phrases, or personal information such as a name or birthday. Keep your password in a safe place and out of plain sight. Never share your password on the Internet, by e-mail, or over the phone. In addition, you should change your password regularly.
- Use two-step verification, if available. Your brokerage firm may offer or require a two-step verification process for access to your online account. With a two-step verification process, each time you attempt to log into your account your brokerage sends a unique code to either your e-mail or cell phone. Before you can gain access to your account, you must enter this code and your password.
- Use different passwords for different online accounts (i.e., brokerage, banking, retirement, or other similar financial accounts). Avoid using the same password for different online services, particularly for financial accounts. While using multiple passwords increases the difficulty of managing passwords, it significantly improves security.
- Avoid using public computers to access your online brokerage account. Try to avoid accessing your online brokerage account on a public computer. If you must use a public computer to access your account, remember:
- Log out of the account completely by clicking the “log out” button on the brokerage account website to terminate the online session. Closing or minimizing a browser application or window does not necessarily log you out of the account.
- Delete history files, caches, cookies, and temporary Internet files.
- Use caution with wireless connections. If you use a wireless connection to the Internet (including a wireless home network) to access your online brokerage account, make sure your computer is secure and has current anti-virus software and a firewall enabled.
- Do not type your password unless the website you are accessing uses a secure connection. The easiest way to determine whether a website is secure is to look in the address bar. If the page’s web address begins with “https” instead of “http,” then it is a secure connection.
- Turn off file sharing. With some operating systems, by default all of your local files are wide open to any other device connected to the same network. Make sure this feature is turned off when accessing information over a public wireless network. You can usually find instructions for turning file sharing on and off in your operating systems’ help menu.
- Be extra careful before clicking on links sent to you. You should always verify that e-mails containing links regarding your brokerage account come from legitimate sources. Clicking on a malicious link could:
- Link to a website designed to trick you into providing sensitive account information that can be used to steal your money or identity.
- Cause malicious software (e.g., computer viruses, worms, Trojan horses, or spyware) to automatically infect your computer and allow fraudsters to obtain sensitive account information.
- To guard against dangerous links, remember the following:
- Do not click on a link that was sent to you by a business or entity you do not know. Perform an online search for the business or go directly to the business’s website to determine if the link is legitimate.
- Do not click on a link that was sent to you by a business that you have an existing account with. Investors should confirm the legitimacy of the link by either going directly to the business’s website or calling the business with a confirmed telephone number.
- Secure your mobile devices. Many mobile devices, such as smartphones or tablets, have software applications that allow users automatic access to their online brokerage accounts. Unauthorized access to these mobile devices could compromise these accounts. If you have a mobile device that is linked to your online brokerage account, make sure that the device is password protected in case it is lost or stolen.
- Regularly check your account statements and trade confirmations. Always remember to check your brokerage account statements and trade confirmations for any suspicious activity
- If you see any mistakes or unauthorized transactions, contact your brokerage firm in writing immediately. Your written complaint may be the only way to prove that you complained to the firm about the mistakes or unauthorized transactions. Also, remember to keep written records of any communications you have with your brokerage firm regarding these mistakes or unauthorized transactions.