Ecology of Money

How to Secure Your Financial Accounts from Cyber Thievery

Cyber security experts offer tips for more secure log-ins, app usage, and ongoing account monitoring.

This article is part of our “Get It Done” week on Morningstar.com: All week we will feature articles and videos offering guidance on ways to help tackle those nagging items on your financial to-do list. This article originally appeared Jan. 25, 2015.

We are wrapping up tax season--and with it, warnings from the IRS about thieves stealing tax refunds from unwitting taxpayers. Combine that with a raft of well-publicized data breaches at retailers and banks, and cyber security probably registers high on your financial anxiety meter.

If your key financial and personal information is stolen, it can be vexing to fix things--as I've twice discovered as a victim of identity theft. You'll spend a lot of time canceling credit cards and denying charges.

But it can be more damaging if a cyber thief gains access to even more sensitive information from your banking, brokerage, or mutual fund accounts. Then, instead of stealing a credit card number, they may be able to steal from your savings or retirement accounts.

How likely is your information to be stolen? Although it's clear that hackers are working 24/7 around the globe to gain access to various financial, corporate, and government systems, you can put up a series of safeguards to ensure you don't become a victim.

What You Can Do to Protect Yourself
I've asked two cyber security experts to explain how to best protect your information. According to Jocelyn Baird of NextAdvisor.com, here's how you can guard your banking and credit information:

1. Be careful when logging in to your online banking account.
The first piece to this puzzle is to make sure you create a strong, unique password for each account and change it frequently--it's recommended to change passwords at least every three months. Also, never log in to your bank account if you are using an unsecured network, such as public Wi-Fi. An unsecured network is vulnerable, and some scammers will use the public Wi-Fi at coffee shops or other crowded places to find victims. If you need to check your balance on the go, consider setting up text message commands with your financial institution that don't require you to log in to your account. Or opt to disconnect your Wi-Fi connections and use your data instead.

2. Don't give out your account information.
Some forms, such as rental applications, ask for your bank account and routing numbers. Other times, someone might ask for your information over the phone to complete a transaction. By giving out this information, you're potentially opening yourself up to a scam. Only give your account information when absolutely necessary--and never over the phone, unless you are certain the company you are providing it to is legitimate.

3. Watch out for email phishing attempts.
Be suspicious of any email you receive that instructs you to click a link and log in to your account. If you get an email that urges you to log in to your account, open a new browser window, go to your bank's website by typing the URL into the browser address bar directly, and log in there to check for a problem. You can also call your bank's customer service to inquire about any potential issues with your account.

4. Beware of text message phishing.
Also known as "smishing," text message phishing is emerging as an issue with the increase in customers signing up for text message communication from their banks. If you receive a text urging you to call a number or click a link in regard to your account, be suspicious. Instead of calling the number provided, find your bank's customer service number in your records or on its website and call that to verify whether there is a problem.

5. Verify your banking app before downloading.
Many banks offer mobile apps, which is convenient but also presents potential security issues. It is important to ensure that the app you are downloading is the official app from your bank, rather than a third-party app created by a scammer to steal your information. Also, some of the official apps have had security flaws that require new versions to patch, so heed their requests to update promptly. And again, avoid logging in to a mobile banking app unless you are connected to a secure Wi-Fi network or you are using mobile data.

6. Monitor your statements.
You may be tempted to toss out your bank statements or may forget to check your accounts regularly if you've opted to go paperless, but monitoring is important. Checking your statements means you will be far more likely to notice any suspicious activity on your accounts--and the earlier you can catch fraud, the easier it will be to stop it and reverse any damage done. Be sure to shred any mail from your bank before it goes into the trash to further keep it safe from garbage-snooping scammers.

What about your brokerage and mutual fund accounts? Neal O'Farrell of CreditSesame.com recommends the following:

7. Discuss security measures with your broker.
"Talk to your broker first to find out what kind of security they offer," O'Farrell says. "Ideally that should include 'multifactor authentication,' as well as systems to detect unusual funds-transfer requests. And just like any other accounts, protect that password and keep your devices free from malware."

Multifactor authentication means that another element, in addition to your username and password, is used to verify your identity. For example, a reasonable security safeguard would be to ask three personal questions (you give the answers in advance) or register a pre-selected "icon" such as an animal picture along with the usual username/password combination.

"The additional factors could be something biometric, like a finger or voice print; a key fob that generates a unique one-time code; a verification text message sent to your phone; or even something contextual, like are you trying to log in from the computer or IP address you normally use," O'Farrell says.

8. Use one dedicated computer for transactions.
There's an even simpler, little-known route to protecting your financial information, O'Farrell adds. "For the extra cautious, or if you have a lot to lose, consider investing in a cheap computer that you only use to access your online accounts. By doing this, you almost completely eliminate the risks of malware--because you're not using the computer for email, for surfing and shopping, for work, or to download or share anything--all the ways malware can sneak in. With computers as low as $150, it could be one of your best security investments."

9. Do regular credit checks.
Another way to safeguard your information is to do a regular credit check. That way you can see any major changes to your credit file. If you see unauthorized access or new accounts in your name, you have a right to correct the information without charge.

Although your credit record will not reflect any intrusions into your brokerage or retirement accounts, it may give you a heads-up that your other financial information has been stolen.

To see your credit report for free, check out annualcreditreport.com, which will give you one report from each of the major credit reporting bureaus per year. You may also sign up for a credit-monitoring service (charges vary), but you can do most of the work yourself. Most major credit card companies will send you fraud alerts for free if they suspect trouble.

John F. Wasik is a freelance columnist for Morningstar.com and author of 14 books, including "Keynes's Way to Wealth: Timeless Lessons from the Great Economist." The views expressed in this article do not necessarily reflect the views of Morningstar.com.