I have been encouraging investors for the past four years to contact their brokerage firm and/or custodian have Cybersecurity Insurance on their brokerage and IRA accounts, because it is now more important than ever to to have this protection. While most, if not all brokerage firms are members of Securities Insurance Protection Corporation (SIPC), which offers protection if the brokerage firm becomes insolvent, SIPC does not cover losses due to funds being "hacked." In other words, if your brokerage account is compromised and your firm does not offer cybersecurity insurance, you may be vulnerable.
You have a right to know if your brokerage firm is serious about focusing their time and money on security measures, because the problem is only becoming greater each day. Here is a list of tough questions that you should ask your brokerage firm about their cyber security. If they don't have a good answer, maybe it is time to look for a new broker, because who cares more about your money than you? Nobody!
• Does your brokerage firm have an Asset Protection Guarantee if your account is compromised and cash and securities are lost due to unauthorized activity? If so, will you be fully covered if a loss due to unauthorized activity occurs?
• What type of authentication does your firm require for online trading accounts?
• Has your firm ever been "hacked" and if so, did they reimburse its customers?
• What specific controls are in place to ensure that only brokerage employees have access to the firm's data?
• What policies and controls does the firm have in place to ensure employees who leave the firm no longer have access to sensitive data?
• Does your firm provide formal training programs to educate staff on cyber security?
• Describe your firm have policies and processes for sharing customer information with other firms?
• What forms of authentication are used to access firm applications over the internet?
As a brokerage client, you can help protect your account in three ways:
1.) Keep your personal identifying information and account information secure and confidential because sharing your User ID, password, PIN, account number or other standard means of authentication with other individuals means you authorized them to take action in your account.
2.) Keep your contact information up-to-date, to ensure your brokerage firm contacts you in case of suspected fraud.
3.) Review your account frequently and your statements promptly and report any suspicious or unauthorized activity to your brokerage firm immediately in accordance with your Client Agreement.