Because the average investment account boasts a much larger balance that a typical checking or savings account, cybercriminals are particularly interested in hacking them. Financial institutions are largely responsible for ensuring the security of these accounts, but business customers and consumers also should adopt defensive measures. Here are five recommendations.

  1. Select two-step authentication. Most financial service providers give customers the option of using a two-step verification process to prevent unauthorized access to their accounts. A two-step approach requires you both to log in to your account with a password and to verify your identity with, for example, a one-time code sent to your mobile phone.
  2. Choose complex and unique passwords. Criminals often gain access to bank and investment accounts thanks to weak passwords — or because an accountholder uses the same password for multiple accounts. Make sure you use complex, unique passwords with upper- and lower-case letters, special characters and numbers for every investment account you maintain.
  3. Establish account alerts. In addition to reviewing your monthly account statement for unauthorized transactions, request that your investment institution notifies you via email or text of all account activity. For example, the financial company should confirm buy or sell orders or transfer requests. If you receive a message regarding a transaction or transfer you didn’t authorize, contact your investment company immediately.
  4. Consider biometrics. Certain devices, including many mobile phones and some laptops, support the use of biometrics, such as face recognition or fingerprint scans. Using biometrics can seem inconvenient at first, but criminals find it almost impossible to foil this unique form of verification.
  5. Exercise caution with emails. To prevent the installation of malware that can steal account passwords, open emails with caution. If you receive an email from a business or service provider, don’t click on any links. Instead, type in the business’s website address and log in to your account that way. If the spelling, grammar and structure of an email appears unprofessional or suspicious, delete the email and remove it from your deleted email folder. Finally, keep antivirus and malware detection software updated.

Protecting investment accounts takes a multi-layered approach — and constant vigilance. Although your financial service provider likely uses state-of-the-art security to fend off cybercriminals, you also must do your part.

© 2020 Covenant CPA

Nearly everyone owns at least some digital assets, such as online bank and brokerage accounts, bill-paying services, cloud-based document storage, digital music collections, social media accounts, and domain names. But what happens to these assets when you die or if you become incapacitated?

The answer depends on several factors, including the terms of your service agreements with the custodians of digital assets, applicable laws and the terms of your estate plan. To reduce uncertainty, address your digital assets in your estate plan.

Pass on passwords

The simplest way to provide your family, executor or trustee with access to your digital assets is to leave a list of accounts and login credentials in a safe deposit box or other secure location. The disadvantage of this approach is that you’ll need to revise the list every time you change your password or add a new account. For this reason, consider storing this information using password management software and providing the master password to your representatives.

Or, you can use an online service designed for digital estate planning. These services store up-to-date information about your digital assets and establish procedures for releasing it to your designated beneficiary after your death or if you become incapacitated.

Know the law

Although sharing login credentials with your representatives is important, it’s no substitute for covering digital assets in your estate plan. For one thing, a third party who accesses your account without formal authorization may violate federal or state privacy laws.

In addition, many states have laws, such as the Uniform Fiduciary Access to Digital Assets Act (UFADAA), that establish default rules regarding access to digital assets by executors, trustees and other fiduciaries. If those rules are inconsistent with your wishes, you’ll want to modify them in your plan.

The UFADAA allows people to provide for the disposition of digital assets using online settings offered by the account provider. For example, Facebook enables users to specify whether their accounts will be deleted or memorialized if they die and to designate a “legacy contact” to maintain their memorial pages.

The act also allows people to establish rules in their wills, trusts or powers of attorney. If users don’t have specific instructions regarding digital assets, the act allows the account provider’s service agreement to override default rules.

Take inventory

To ensure that your wishes are carried out, take inventory of your digital assets now. Then, talk to us about including these important assets in your estate plan.

© 2020 Covenant CPA