Technology has made it easier for anyone to invest their money. From automated trading advice and recommendations to wide access to global markets, even a novice investor can begin trading or market speculation with little money or experience. This has created an explosion of capital around the world.
However, using borderless investment platforms often removes regulations and oversight from the equation. This can have disastrous consequences when it places copious amounts of investor data and account information out in cyberspace, widens the attack surface, and increases the number of ways that hackers can access and sell or use that information.
Investing in the 21st Century
The past few years have seen an explosion in online investing. Even brokerage houses are getting into the digital trading game. At some point, live trading on the floor of the NY Stock Exchange may be a thing of the past.
Digital trading offers plenty of advantages, including:
- Tracking cash flow and margin balances
- Funding accounts through bank transfers and credit and transactions
- Monitoring security performance and positions
- Monitoring indexes
- Buying and selling stocks, bonds, and securities
- Receiving real-time alerts
- Triggering automated actions when thresholds are reached
- Interacting with the wider trading community
However, those advantages also elevate risks. As of 2018, the ways that investors can participate in markets has increased to include 16 desktop apps, 34 mobile apps, and 30 websites. That doesn’t even take into account cryptocurrency speculation and day trading.
How widespread is the risk? Statistics tell the story in numbers.
Digital Trading and Security Statistics
IO Active conducted an analysis of the most-used trading platforms and devices. They found that 64 percent of desktop apps and 6 percent of mobile apps transferred data without using any form of encryption; the rise of mobile use versus traditional means of accessing the internet will surely see that second number rise.
Without encryption, HTML can be viewed as plain text, and there were quite a few cases of apps and devices using outdated or obsolete protocols. Another encryption-related issue was investors using unsecured networks and unsupported apps to access their accounts and conduct trades.
The company also discovered that 21 percent of users had unencrypted or weak password protection. This information was either found stored in configuration files or sent to log files. Another 25 percent of users weren’t using two-factor authentication to access their accounts.
More than $76 billion dollars in illegal activity is conducted using Bitcoin or other cryptocurrency. This also affects trading and money markets. The average price for personal data on the Dark Web is about $0.20 per individual file. Multiply that by billions, and you’ll see how lucrative cybercrime can be.
Platform-Specific Investment Security Concerns
A report conducted by cybersecurity expert, Alejandro Hernandez found that all 40 major digital trading platforms he investigated had vulnerabilities to some extent. This included big names, like Schwab and Fidelity, and little players or startups, like Robinhood and Poloniex. No one is immune.
In addition to encryption issues, including a complete lack of encryption (and end-access points in some cases), there was an issue with lack of session timeouts. Even on Schwab’s website, users aren’t automatically logged off when they close their browser. This lapse in basic security allows hackers to enter active sessions and hijack them or insert malicious code.
Outside threats aren’t the only problem. Many apps and trading platforms include security vulnerabilities as a feature, allowing users to create their own bots and plugins, which are then released and re-circulated to the wider investing community. These third-party apps and utilities are often insecure and unsupported. Using the open source coding also means that software can be hijacked and the code altered.
Traditional stock and bond purchases aren’t the only sector with security lapses. Commodities speculation and strategic FX trading also saw a surge in activity after we began to recover from the global financial crisis in 2010. Since this fast-paced type of investing is often a solo pursuit conducted by individuals rather than initiated by brokers or financial advisors, it often leaves participants vulnerable to exploitation.
If you’re going to dabble in day trading, make sure to use a reputable platform that offers security and privacy for traders. This will help ensure compliance with regulations from agencies like the European Securities and Markets Authority (ESMA) and US digital trade regulations, as well as ensuring compliance with data procurement, storage, and usage laws like the GDPR.
Many of the companies cited in the Hernandez report claim they have since fixed vulnerability issues, but traders and online brokerages should put their own security measures in place to fill the gaps.
You can take matters into your own hands by:
- Reading the fine print regarding data storage and use by trading platforms. How much data do they need, why do they need it, and what do they do with the data they collect? GDPR should be mentioned in there somewhere.
- Using only secured, encrypted networks and devices while trading, and only go online when using a VPN.
- Creating a unique password for each individual login
- Using two-factor authentication for access
Trading platforms can improve digital security by:
- Choosing hosting platforms and apps that put security first
- Configuring sessions to timeout after a shorter inactive time
- Setting logins to automatically lock and send an alert after two failed attempts
- Acquiring only necessary user information and storing it offline
- Continuous, automated network monitoring for resource usage and suspicious activity
- Establishing an online knowledge base for users that includes security best practices
Final Thoughts
For some, financial freedom could be just a few mouse clicks away. However, your investment strategy shouldn’t be limited to fattening your bank account. Spending money on the security side of things offers a solid return as well.
Our goal isn’t to make you a more successful investor, but to help you protect yourself and your money. Nothing can substitute for industry oversight and regulations. However, knowing what the threats are and how to guard against them will go a long way toward keeping your personal and financial information in your hands.
About the Author
Gary Stevens is a front end developer. He’s a full time blockchain geek and a volunteer working for the Ethereum foundation as well as an active Github contributor.
Sign up for the free insideBIGDATA newsletter.
Speak Your Mind