Online Security Practices for Safeguarding Financial Accounts

Government agencies and financial regulators continue to publish guidance on protecting online financial and retirement accounts, as cybercrime losses have increased in recent years. These recommendations focus on account monitoring, password management, and device security.

The Employee Benefits Security Administration of the U.S. Department of Labor recommends that individuals register and set up their online retirement accounts, and check them regularly to detect unauthorized access. The agency also encourages users to keep personal contact information up to date and close or delete accounts that are no longer in use to minimize risk.

Strong, unique passwords of at least 14 characters are advised by multiple authorities, including the Department of Labor EBSA, FINRA, and Kiplinger. Password managers are suggested as a tool to help maintain complex credentials securely. Enabling multi-factor authentication is also recommended to add an extra layer of security to financial accounts.

Both the FDIC and FINRA advise against using public Wi-Fi for accessing sensitive accounts. Instead, they recommend using a home network, cellular connection, or a virtual private network (VPN) to reduce exposure to interception and unauthorized access. Keeping antivirus software and all applications updated is also highlighted as a way to protect against malware and vulnerabilities.

What the numbers show

• U.S. consumers lost over $12.5 billion to cybercrime in 2024
• This figure represents a 25 percent increase from the previous year
• Authorities recommend passwords of at least 14 characters for accounts

Phishing attempts remain a concern, with the Department of Labor EBSA and the FDIC advising vigilance for suspicious messages, unexpected requests, or mismatched website links. The FDIC specifically recommends not opening emails or texts from unknown senders and verifying website addresses before clicking any links.

FINRA suggests setting up alerts for account activity and reviewing statements and correspondence to identify unauthorized transactions quickly. Logging out after using financial accounts and avoiding shared devices are also part of FINRA’s recommended practices for account safety.

Using a VPN is noted by both the FDIC and other sources as a way to add encryption and protect against interception, especially when accessing accounts over unsecured networks. This measure can help prevent man-in-the-middle attacks and further secure sensitive information.

Industry reaction

The U.S. Department of Labor EBSA, FDIC, and FINRA have all published guidance supporting the use of strong passwords, multi-factor authentication, and account monitoring for improved online security.

Kiplinger has emphasized the need for consumers to update software, use unique passwords, enable two-factor authentication, and monitor financial statements as part of their recommendations for online safety.

* This article is based on publicly available information at the time of writing.