Online Security Tips for Investors
While expanding online access to account information offers convenience to many investors, it also increases the need for safeguards. Such measures are critical in my role as Cornerstone’s Chief Compliance Officer. As a registered investment advisor, Cornerstone Management is regulated by the U.S. Securities and Exchange Commission (SEC). I am pleased to share with you the following content from an Investor Bulletin issued by the SEC’s Office of Investor Education and Advocacy.
Investors should always take steps to safeguard their personal financial information (e.g., social security number, financial account numbers, phone number, e-mail address, or usernames and passwords for online financial accounts). These online security tips can help ensure that your online investment accounts remain secure.
Consider using a “strong” passphrase, instead of a password, if available. Passphrases are passwords that consist of a series of words strung together that create a phrase. Some investment accounts allow the use of passphrases, which generally require a longer character count than a password. A strong passphrase should consist of random words, using characters that include symbols, numbers, and both capital and lower-case letters. A strong passphrase should not use common phrases from literature, music, or other media. A strong passphrase also should not use personal information such as your name or birthday, or only words found in a dictionary. As with passwords, make sure you secure your passphrase, never share it via electronic messaging or over the phone, and change it regularly.
If you can’t use a passphrase, pick a “strong” password, keep it secure, and change it regularly. Select a strong password for your investment account. A strong password is one that is not easy to guess and generally uses twelve or more characters that include symbols, numbers, and both capital and lowercase letters. A strong password should not use words found in a dictionary, or personal information such as a name or birthday. Make sure you secure your password and never share it via electronic messaging (such as e-mail or text messages) or over the phone. You should change your password regularly.
Use two-step verification or “multifactor” authentication, if available. Your custodian may offer (or require) a two-step verification process for access to your account. Two-step verification is a practical way to add further security to your account by requiring a second factor in addition to your username and password/passphrase sequence. With a two-step verification process, each time you attempt to log into your account from an unrecognized computer, your custodian sends a unique code to either your e-mail or mobile device. Before you can gain access to your account, you must enter this code and your password.
Turn “on” account alerts. One of the easiest ways to protect your online investment account and monitor it for fraud is to turn “on” account alerts. Depending on how your online account works, these alerts will send you an e-mail and/or text message when certain activities occur in your account. Some examples of these alerts include:
- Account logins
- Failed account login attempts
- Password changes
- Personal information changes (address, e-mail or phone number)
- Securities transactions (placing orders to buy or sell investments)
- Transfers of money or securities in or out of the account
- Adding or deleting an external financial account where you can transfer money or securities to or from (e.g., bank account, investment account)
The availability and types of account alerts vary depending on your custodian. Contact your custodian to find out which online account alerts are available and how you can turn them “on” for your account.
Add biometric safeguards, if available. Your custodian may offer biometric safeguards for your online investment accounts, especially for access through mobile devices. Biometric safeguards for an investment account may include fingerprint, facial or voice recognition, or iris scanning. These safeguards may be used with or instead of a password/passphrase to access your investment accounts. Contact your custodian to determine if they offer these safeguards for your accounts.
Use different passwords for different accounts. Avoid using the same password for different online services, particularly for financial accounts. Using a single password for different online financial accounts is the equivalent of using a single key for your car, house, and mailbox – if the key is lost or stolen, you potentially give away access to everything. While using multiple passwords increases the difficulty of managing passwords, it significantly improves security.