Unlike your bank accounts that are protected by the Federal Deposit Insurance Corporation for losses up to $250,000, there is no such universal protection for your retirement funds. If you get hacked, thieves can gain access to your retirement account and transfer funds into their own pockets.
What would happen if your investment account was hacked and funds were stolen? Many brokerages have customer protection guarantees in case of unauthorized account activity, but customers are responsible for taking certain action before and after the hack to qualify for reimbursement of stolen funds.
Investment brokerage policies vary on the subject of restoring losses from unauthorized activities. In general, customers are responsible for promptly detecting and notifying the brokerage of unauthorized activity, and for showing that the security lapse was not their fault.
Here are steps you can take to protect your retirement account.
Monitor investment accounts
Unlike a checking account or credit card account that is typically monitored fairly closely, a transfer from an investment account can easily go unnoticed for months until a quarterly statement. The first step in getting funds restored to your retirement account after a hack is to notify the brokerage that unauthorized activity has occurred.
Instead of waiting for a quarterly account statement in the mail, you can access your account electronically to check for unexpected activity. Some brokers allow you to set up alerts and receive notifications by email if a transaction has processed.
Protect account access credentials
There are several important security measures you can take to prevent a thief from accessing your retirement account.
1. Set up two-step verification
An easy way to boost the security of your access credentials is to sign up for two-step verification with your brokerage. This means that in addition to your password, you’ll need a one-time numeric code that is sent to you via text message or email when you try to log in. This adds a layer of security; simply having your login and password is not enough for a thief to gain access to your account.
2. Beware of phishing scams
Criminals often send out emails that appear to be legitimate asking for login information. They may also try to trick you into clicking on a link that leads to a fake website designed to capture your username and password when you try to log in. Some internet security products verify that websites are authentic and post a warning when you try to access unconfirmed sites, in order to provide protection from phishing. (See also: How to Avoid Phishing Scams)
3. Don’t sign in on a public Wi-Fi connection
Avoid using public computers to access your retirement account, and avoid logging in over an unsecured Wi-Fi connection. You should also avoid reusing the same password for multiple accounts.
4. Don’t share your login with anyone
Think twice before sharing your access credentials with others, even companies such as Mint or Personal Capital that use your login to help monitor your account. If a company that has your login information gets hacked, and your access credentials are stolen and used to drain your account, this loss may not be covered by the recovery policy of your broker. (See also: Stop Making These 8 Risky Password Mistakes)
Secure your computer
Hackers can steal retirement account access credentials directly from your computer. Install anti-virus and anti-malware software, including a firewall, to prevent thieves from breaking in. Use a login for your computer to keep others from accessing your files. After a hack, investigators from the brokerage may want to examine your computer to see that you were using reasonable security features when determining whether you were at fault for the hack.
Policies of major brokers for hacked accounts
Account restoration policies in response to unauthorized activity vary by broker. Following are links to policies at major firms so you can check to see what is required to get retirement funds restored after a hack.
In general, you are responsible for monitoring and protecting your own retirement account by keeping your password secure and taking reasonable security precautions on your computer or other devices. If the hack and resulting loss occurs due to breach of the brokerage’s computer system, you’ll likely get your funds restored based on the policies of most brokerages.