Advertiser Disclosure

3 Steps to Protect Your Brokerage Account From Being Hacked

Oct. 7, 2015
Brokers, Investing
3 Steps to Protect Your Brokerage Account From Being Hacked
Many or all of the products featured here are from our partners who compensate us. This may influence which products we write about and where and how the product appears on a page. However, this does not influence our evaluations. Our opinions are our own.

How’s this for a statistic: During the first half of 2015, there were 888 data breaches worldwide, which works out to roughly five every 24 hours.

Online broker Scottrade joined that list last week, announcing that up to 4.6 million customers may have had their contact information compromised. That may seem rather innocuous — there’s no indication that Social Security numbers were tapped — but it has the potential to be incredibly damaging.

“Accounts are extremely vulnerable,” says Neal O’Farrell, executive director of the nonprofit initiative Identity Theft Council. “They’re really like a vault with one thin door.”

No matter where you do your online trading, it’s important to acknowledge that vulnerability; the way this trend is heading, your brokerage account could easily be next. Here are three steps to minimize that chance:

1. Set up two-factor authentication

This security measure, offered by most brokers and financial institutions, imposes an extra layer of protection — rather than just allowing full account access with a username and password, it may require additional verification if certain actions are taken, like a change in contact information, fund transfers or account withdrawals.

“These are security features that add an extra step whenever a major change is made to your account. Many financial service companies now provide this, but you may need to turn it on,” O’Farrell says.

They may also send you an alert if your password, email address or phone number is changed, so you can react if you didn’t update the information. It’s worth signing up for every extra security measure your brokerage offers. You can generally do that within your account profile (there’s likely a security tab) or by calling customer service.

2. Use a dedicated computer

O’Farrell says to truly protect yourself and your investments, you have to “live a clean life,” and this is one way to do it: Purchase an inexpensive computer that you use only for accessing bank and brokerage accounts and other sensitive financial information. This can protect you against malware getting onto your computer, which can then steal your passwords as you log in to your accounts.

“The biggest risk of malware is what’s called cross contamination: You open infected email attachments or your kids download something or visit an infected website. If you get a computer that you don’t use for email or browsing, you don’t give access to your kids, and you don’t plug USB drives into, the chances of getting infected are minimal,” O’Farrell explains.

An entirely new computer may seem extreme, but these days, malware is sophisticated enough to warrant it — it can bypass anti-virus software, and even scanning with something like Malwarebytes won’t catch everything. Buying a small laptop for under $250 may end up being your best investment of all.

3. Don’t let your guard down

The approach to cleaning up after a data breach has become familiar, and Scottrade followed suit, issuing a year of free credit monitoring to all potentially affected customers. But this kind of monitoring has a downside: Consumers are vigilant after the attack, then tend to slowly let their guard down; after all, a security company is watching their backs.

Hackers know this, of course, and are poised to strike when that credit monitoring runs out, often using the monitoring itself as ammunition. “A year after the breach, when things have calmed down, victims will get an email that says ‘Your first free year of monitoring is up and as a thank you, we’re extending it. Please click here,’” O’Farrell says. You could click and fill in your personal information, putting it directly in the hands of thieves, or open an attachment on the email that puts malware on your computer.

That means all consumers need to be watching their back these days, whether they’ve been a victim or not.

“We’re looking at a massive wave of ID theft on its way,” O’Farrell warns. “Hackers have so much information now. It’s time to do a fall cleaning: Change passwords, get into smarter password habits, use password managers — all of these things we’ve been preaching for years, stick it on your fridge as though it were a health checkup.”

Compare top online brokers

More from NerdWallet:

Arielle O’Shea is a staff writer at NerdWallet, a personal finance website. Email: [email protected]. Twitter: @arioshea.

Image via iStock.