The internet has grown from primarily a means of communication to something deeply intertwined with all of our financial lives. People freely access their credit cards, investments and bank accounts on cell phones, tablets and computers from anywhere in the world.

Financial organizations invest great sums of time and money to defend their digital fortresses, but the number of security breaches is on the rise. In 2015, PricewaterhouseCoopers reported a 38 percent increase in such incidents from the previous year, according to the firm’s most recent Global State of Information Security Survey.


Then there is the cost: Cyber-crime costs the global economy $400 billion annually, according to the Center for Strategic and International Studies.

How should investors protect themselves from cyber security risks? Obvious recommendations include password protection for cell phones, periodically changing passwords and refraining from using public wi-fi to conduct private business. You should refrain from using the same credentials for multiple sites. Password management programs can help track and evaluate the strength of your various login credentials and require one master password, which would be the only one you need to remember.

Then there are additional, more complex steps we all can take to protect our financial information. Multi-factor authentication is one increasingly popular method: This method helps verify that the person logging-in is not an imposter, thanks to prompts requiring that he or she share information in addition to a password.

Some companies even require a pre-arranged security question. However, this measure may be meaningless if your other confidential data has been hacked.

Other companies issue a numeric code to accompany your password. This is a random combination created in real time, which did not exist a minute ago and will not be valid a minute from now. The code is generated while you are logging in, and sent by text or email. While this strategy is better than nothing, it can still be problematic if your cell phone or email is compromised.


The next level of security is an “authentication token.” This is a device the size of a key fob, connected by satellite, like the pagers of yesteryear.

When you press a button on the token, a new code is created and synched with your investment account.

This is a common feature on corporate bank accounts but is far less common with individual ones. The reason? Cost, and the perception that investors do not want the extra log-in hassle.

We are very pleased, however, that Charles Schwab makes this feature available at no cost to our clients for accounts custodied there. Schwab is also prepared to handle unexpected events that might arise with the token.

Say, for instance, that you land in Paris after an overnight flight and realize that your token is sitting back home on your nightstand. With an alternative authentication process, Schwab will then provide you with an alternative code that works for a set period of time.

And, for the minor inconvenience of an extra log-in step, you will enjoy a higher level of security against the increasing frequency of web-based data breaches and the tremendous problems those breaches create.

This article was originally published in the April/May 2016 issue of Worth.