After a raft of well-publicized data breaches at Target, Home Depot, Sony Pictures, Chick-fil-A, Morgan Stanley, and JP Morgan Chase, cyber security probably registers high on your financial anxiety meter.

If your key financial and personal information is stolen, it can be vexing to fix things. You will spend a lot of time canceling credit cards and denying charges.

But it can be more damaging if a cyber thief gains access to even more sensitive information from your banking, brokerage, or mutual fund accounts. Then, instead of stealing a credit card number, they may be able to steal from your savings or retirement accounts. Indeed, scammers recently targeted Morgan Stanley customers.

How likely is your information to be stolen? Although it is clear that hackers are working 24/7 around the globe to gain access to various financial, corporate, and government systems, you can put up a series of safeguards to ensure you do not become a victim.

According to cyber security expert Jocelyn Baird of, here is how you can guard your banking and credit information:

1. Be careful when logging into your online banking account
The first piece to this puzzle is to make sure you create a strong, unique password for each account and change it frequently—it is recommended to change passwords at least every three months. Also, never log into your bank account if you are using an unsecured network, such as public Wi-Fi. An unsecured network is vulnerable, and some scammers will use the public Wi-Fi at coffee shops or other crowded places to find victims. If you need to check your balance on the go, consider setting up text message commands with your financial institution that don’t require you to log into your account. Or opt to disconnect your Wi-Fi connections and use your data instead.

2. Do not give out your account information
Some forms, such as rental applications, ask for your bank account and routing numbers. Other times, someone might ask for your information over the phone to complete a transaction. By giving out this information, you’re potentially opening yourself up to a scam. Only give your account information when absolutely necessary—and never over the phone, unless you are certain the company you are providing it to is legitimate.

3. Watch out for email phishing attempts.
Be suspicious of any email you receive that instructs you to click a link and log into your account. If you get an email that urges you to log into your account, open a new browser window, go to your bank’s website by typing the URL into the browser address bar directly, and log in there to check for a problem. You can also call your bank’s customer service to inquire about any potential issues with your account.

4. Beware of text message phishing
Also known as “smishing,” text message phishing is emerging as an issue with the increase in customers signing up for text message communication from their banks. If you receive a text urging you to call a number or click a link in regard to your account, be suspicious. Instead of calling the number provided, find your bank’s customer service number in your records or on its website and call that to verify whether there is a problem.

5. Verify your banking app before downloading
Many banks offer mobile apps, which is convenient but also presents potential security issues. It is important to ensure that the app you are downloading is the official app from your bank, rather than a third-party app created by a scammer to steal your information. Also, some of the official apps have had security flaws that require new versions to patch, so heed their requests to update promptly. And again, avoid logging into a mobile banking app unless you are connected to a secure Wi-Fi network or you are using mobile data.

6. Monitor your statements
You may be tempted to toss out your bank statements or may forget to check your accounts regularly if you have opted to go paperless, but monitoring is important. Checking your statements means you will be far more likely to notice any suspicious activity on your accounts—and the earlier you can catch fraud, the easier it will be to stop it and reverse any damage done. Be sure to shred any mail from your bank before it goes into the trash to further keep it safe from garbage-snooping scammers.

What about your brokerage and mutual fund accounts? Neal O’Farrell of recommends the following:

7. Discuss security measures with your broker
“Talk to your broker first to find out what kind of security they offer,” O’Farrell says. “Ideally that should include ‘multifactor authentication,’ as well as systems to detect unusual funds-transfer requests. And just like any other accounts, protect that password and keep your devices free from malware.”

Multifactor authentication means that another element, in addition to your username and password, is used as a way to identify yourself. For example, a reasonable security safeguard would be to ask three personal questions (you give the answers in advance) or register a pre-selected “icon” such as an animal picture along with the usual username/password combination.

“The additional factors could be something biometric, like a finger or voice print; a key fob that generates a unique one-time code; a verification text message sent to your phone; or even something contextual, like are you trying to log in from the computer or IP address you normally use,” O’Farrell says.

8. Use one dedicated computer for transactions
There is an even simpler, little-known route to protecting your financial information, O’Farrell adds. “For the extra cautious, or if you have a lot to lose, consider investing in a cheap computer that you only use to access your online accounts. By doing this, you almost completely eliminate the risks of malware—because you’re not using the computer for email, for surfing and shopping, for work, or to download or share anything—all the ways malware can sneak in. With computers as low as $150, it could be one of your best security investments.”

9. Do regular credit checks
Another way to safeguard your information is to do a regular credit check. That way you can see any major changes to your credit file. If you see unauthorized access or new accounts in your name, you have a right to correct the information without charge.

Although your credit record will not reflect any intrusions into your brokerage or retirement accounts, it may give you a heads-up that your other financial information has been stolen.

To see your credit report for free, check out, which will give you one report from each of the major credit reporting bureaus per year. You may also sign up for a credit-monitoring service (charges vary), but you can do most of the work yourself. Most major credit card companies will send you fraud alerts for free if they suspect trouble.

Still concerned? More help may be on the way from Congress. In his State of the Union Address on Jan. 20, President Obama urged Congress to improve safeguards on digital information. He proposed the “Personal Data Notification & Protection Act.” The legislation, if passed, would require consumer notification within a month if their personal information had been acquired in a data breach.

Although the legislation will not shut down the illegal trade of personal information, it is a start in at least giving you a red flag when your financial information has been accessed without your consent.


©Morningstar 2015. All Rights Reserved. Used with permission.