Late last week, the director of the Securities and Exchange Commission’s Division of Enforcement warned brokerage houses and other financial companies that they risk serious SEC enforcement action if they fail to implement proper cybersecurity plans. This comes on the heels of the data breach at discount brokerage firm Scottrade, which I told you about in the Scam of the day for October 4th, as well as the SEC’s fine of R.T. Jones Capital Equities Management in September for failing to take adequate steps, such as encryption, to protect its customers’ data.
Like so many cybersecurity problems, this one is not as bad as you think. It is far worse. According to an SEC survey, 88% of broker-dealers and 74% of investment advisers suffered cyberattacks in the last year. Making the problem even worse, according to the SEC, only 15% of broker-dealers and 9% of advisers guarantee that they will totally reimburse their customers for losses due to cyberattacks. In particular, many of these companies have fine print in their contracts that passes the liability on to the customers if the customers are considered negligent in the loss of their data.
So what can you do to keep your investments safe?
As always, the first place to look for that helping hand is at the end of your own arm. Make sure that you use a unique and complex password for your investment accounts. You can go to the Scamicide archives for instructions on how to pick a strong and secure password. It is also important to use dual-factor authentication whenever possible so that even if someone manages to steal your password, they will not be able to access your account. With dual-factor authentication, a one-time code is sent to your smartphone whenever you need to access your account. In addition, you should make sure that all of your electronic devices, including your computer and smartphone, are protected with the most up-to-date anti-virus and anti-malware software. Too many people fail to protect their smartphones with a password or security software. Finally, monitor your accounts regularly for indications of security breaches.
But what about your investment broker or adviser? How do you know if they are trustworthy?
Make sure you understand your broker’s policy for reimbursement of customers if a data breach occurs, and consider taking your business somewhere else if the answer is unsatisfactory. Ask them what measures they take to ensure cybersecurity, including the use of encryption and dual-factor authentication. Also, find out how they limit access to data to only those people who have a need to see your information. Finally, find out if they are covered by cyberinsurance.