By Patricia Uceda, Spring 2015 Graduate Research Assistant
Many investors choose to use online brokerage accounts to monitor their investments. While online brokerage accounts can be very useful, as with all online-based accounts, they can be subject to cybersecurity threats. Recognizing this, the SEC recently issued an Investor Bulletin with a few tips on the precautions investors should take to help ensure that their online brokerage accounts remain secure.
- Pick a strong password and change it regularly: You should choose a strong password for your online brokerage account that cannot be easily guessed. Avoid using personal information such as your name or birthday, and instead choose a random assortment of symbols, numbers, and mixture of capital and lowercase letters. Write it down so you don’t forget it and keep it in a safe place that only you can access. Never share this password over the Internet or over the phone, and be sure to change it regularly.
- If available, use two step-verification: Many online accounts are now using a two-step verification process to ensure maximum security. You will first log-in using your normal information, and will then have to enter a unique code that is sent to either your e-mail or phone. Check if your brokerage firm offers this two-step verification process and ask to have it turned on.
- Avoid using public computers to access online brokerage account: Avoid accessing your online brokerage account on a public computer, as passwords or other confidential information may be temporarily stored by the computer. If you must, remember to log out completely by pressing the “log out” button after you are done instead of simply closing the window, which may keep you logged in. Additionally delete the computer’s history files, cache, and cookies.
- Avoid using public wireless connections to access online brokerage account: Try to avoid using public wireless connections to access your online brokerage account. These wireless networks are often unsecured, which means that anyone else on the network may be able to look at and read your sensitive data. If you must use a public wireless connection, make sure that at least the website you are accessing has a secure connection. Secure websites encrypt any personal information you enter so that it is not readable to others. In order to tell if a website is encrypted, look for “https” at the start of the web address.
- Be careful before clicking on links sent to you: A seemingly harmless link could in fact be a phishing attempt sent by a scammer in order to obtain personal information from you. While it may lead to a website that appears legitimate, such as a page made to look like your account’s log-in page, it is actually storing the information you are entering for malicious purposes. Never click on a link sent to you by a business entity you do not know; go directly to their website to determine if it is legitimate. In addition, do not click on links that appear to be sent to you from your brokerage firm; you can log in to your account directly through their website.
- Secure your mobile devices: You may have a software app on your smartphone or tablet with automatic access to your online brokerage account. While this is certainly very helpful, it also provides a direct link to your brokerage account and could be disastrous if your device falls into the wrong hands. Make sure that your device is password protected in case it is lost or stolen, or set up the software app so that it always requires a password in order to access your account.
- Regularly check account statements and trade confirmations: This is something you should be doing regardless, in order to ensure that any activity has been verified by you. You should monitor it regularly to see if there is any suspicious activity such as a misspelled name or an inaccurate account number, or if there are any unauthorized transactions. If you see something off, contact your brokerage firm in writing immediately. Written complaints are better than phone complaints because they may be the only way to prove that you complained to the firm.
By taking these extra precautions, you can help ensure that your online brokerage account is secure from cyber threats. For additional information about safeguarding online brokerage accounts, you can go here and here.