By: Kayleigh Kulp, U.S. News, November 2017

Recent high profile data breaches are leaving many consumers wondering how they protect not only their bank accounts, but their investments, from hacks and losing it all.

“Retirement and brokerage accounts can be hacked and they are especially attractive to criminals that are willing to work diligently to attempt to cash out a 401(k) or to perform unauthorized stock trades,” says John Buzzard, industry fraud specialist at Co-op Financial Services, a Los Angeles-based financial technology company.

Thankfully, it’s not that easy, since the amount of paperwork and authorizations for routine transactions is complex, he says.

“Typically, a routine request online would generate emails and U.S. postal notifications that may get in the way of a hacker’s handiwork,” Buzzard says. “Unless the hacker is organized and takes advantage of consumers who are traveling abroad without arousing suspicion.”

That doesn’t mean consumers should be complacent. After the highly publicized breach of more than 143 million people’s Social Security numbers and other personal data at credit bureau Equifax (NYSE: EFX), the company set up a website to identify those people who have been affected and provide them with a free credit monitoring service by TrustedID Premier. This and other services notify customers of credit alerts and offer identity theft insurance.

Such services can be helpful in easing the pain of cleaning up identity theft early on, but are often reactive because they can’t keep the breach from happening.

How can you protect your hard-earned retirement funds and other investments from vulnerability? Investment and security experts provide the following tips:

Be vigilant online. If your investments are going to be hacked, it will likely be on the web, not because of statements you left unshredded in your recycling bin.

Consequently, maintain as few accounts online as possible, change passwords and user names frequently, and don’t let your computer remember your login information, says Jason McNew of Stronghold Cyber Security in Getttysburg, Pennsylvania.

Look at your statements at least monthly to see if anything is awry, Buzzard says, since most companies and creditors require notification about potential fraud within 30 days of the loss date. You should pay attention to the notation of the last login date and time displayed on most secure online sessions, he says.

“If you see a date and time that does not appear to match your last visit then someone may have gained unlawful access to your account and it’s time to change your user name and password,” he says.

As a reminder, Buzzard suggests changing your passwords as often as you change the batteries in your smoke detectors or even more frequently. Avoid free wifi hotspots when traveling and at public venues when possible.

Darren Guccione, CEO and co-founder of Keeper Security, a password management company, says it can be a good idea to use false information for security questions and also to use two-factor authentication whenever it is offered.

Sign on for credit monitoring services. As long as you are OK with receiving advertising and credit offers, Credit Karma offers free credit monitoring from Equifax and TransUnion (TRU), says Steven J.J. Weisman, an identity theft expert, attorney and Bentley University professor. Some banks and credit card regularly provide your credit score for free, which would alert you to any adverse actions.

Other paid services are worth looking into for insurance and your piece of mind. Companies include LifeLock, which offers membership from about $10 to about $30 monthly, depending on what level of coverage you choose.

Read the fine print. Read the terms of service for brokerage and investment accounts, and pay close attention to the conditions that must be met in order to receive reimbursement of funds in the event of a fraudulent hack, Buzzard says. These may include properly filed police reports and responsible consumer behavior, such as changing passwords, etc. You’ll also want to make sure you review such terms on a credit monitoring or ID fraud insurance policy as well.

Investment clients should ensure they have direct access to review their holdings at the custodial level, not just through their advisor, says Susan Dahl, founder of wealth services company Levatus in Boston.

Activate all the possible account change text, email and phone alerts offered by your brokerage company and verify all contact information is correct, Buzzard says.

Sign up for credit freezes at the major bureaus. Though only about 13 percent of people surveyed by J.D. Power have done so, freezing your credit is a good way to ensure hackers cannot at least obtain new credit. It also prevents you from opening new credit, too, so you’ll want to unfreeze it temporarily when you need to for a small fee.

This simple act instills good, vigilant habits for knowing what’s going on with all of your accounts.

About 20 percent of consumers surveyed by J.D. Power said they were not aware of the Equifax data breach, while 51 percent said they are either very or somewhat aware. Of those who are aware of it, 61 percent said they felt at least somewhat at risk.

“Everyone should have some type of protection on an account,” says Jeff White, a financial analyst with “Whether that is basic monitoring or a full credit lock is really up to how often you open credit accounts, or have your credit checked for your own personal needs.”

Continue to US News