Cybersecurity: 8 steps to help keep your online trading data safe


In this age of email hacking, website attacks, and identity theft, cybersecurity should be a priority for investors who regularly use online financial sites to trade securities or move money around.

With hackers becoming ever more sophisticated, the Security and Exchange Commission last month announced that it will examine about 50 broker-dealers and independent advisors to assess their defenses against cyber-theft.

Investors need to do their part as well to ward off hackers, phishers, and snoops when they access their online brokerage accounts. Here are some sensible steps every investor should consider to keep their data and money safe, according to the SEC and other sources.

  1. Invest in a first rate security software packages with anti-virus, anti-spam, and spyware detection features. In addition, make sure your software version stays  current with the latest security patches from your vendor.

  1. Make sure your online brokerage account has a secure and encrypted web page. A secure website connection starts with “https” instead of just “http” and usually has a key or closed padlock in the status bar.

  1. In addition to setting up firewalls on your personal computer, ask your brokerage firm if you can protect your online account with a security token or similar security device. A security token (sometimes called an authentication token) is a small hardware device that generates a temporary password that the owner the can use to authorize access to a network service. This offers a second layer of protection.

  1. Warning: Downloading files or programs from unknown sources is a fool’s game. Cyber-crooks often use Trojan horses or other backdoor methods to load malicious software programs on your computer. Ditto for pop-up advertisements or offers to download a “free” game or gadget.

  1. Never provide sensitive personal information like personal addresses, bank account and routing numbers, and social security numbers through non-secure means such as email. It’s quite rare for legitimate companies and financial institutions to ask for such information. If you get a request, verify it by phone.

  1. Get creative about your passwords. Choose one with upper and lower case letters, numbers and special symbols and punctuation. Also, as Google suggests, consider adding a mobile phone number to your profile to receive a code to reset your password via text message or automated call for an extra layer of protection.

  2. Using public wireless networks to trade and bank is not a brilliant move. Many “hotspots” — wireless networks in public areas like airports, hotels and restaurants — have minimum security. For more about security issues, check out the website of the Wi-Fi Alliance.

  1. Other good habits: Closing your browser or clearing out the history cache after using your online account is a good idea, but it may not be enough to prevent others from gaining access to your account information. (Here’s a useful guide to emptying the history cache.) Ignore emails requesting that you “reset” your financial accounts with a new password. Phishing email messages look as if they come from your bank or another reputable company. They don’t: Answer, and you will get scammed. Finally, don’t reveal too much personal information in social media profiles. That also goes for obituaries of family members. Publishing such things as a mother’s maiden name, home address, personal ancestry, occupation or date of birth, might allow an identity thief to set up new accounts in the deceased person’s name.

For more on Covestor’s services, visit or try a free trial.