It’s been about two months since we were all shocked by the carelessness of the Equifax team. And while the world has largely moved on, spurred on by the next tweet or the next crisis, the Handy Millennial is willing to bet that you, my dear reader, are still dangerously vulnerable.
Now we need to be a bit more specific because while the Handy Millennial (and your favorite news outlet) can fill volumes describing your vulnerabilities, this post is specifically about your investments and, even more importantly, your retirement nest egg, which is also an investment.
This post continues the Handy Millennial’s series on retirement and steps that you should take to enjoy your golden years. The prior posts in this series discussed the history of retirement, the types of retirement accounts, and the mix of accounts that one should have to retire comfortably. Today we will address another important aspect of retirement planning: keeping all that good stuff safe!
This is a very important topic, but the Handy Millennial is shocked by how little attention is given to it. You see, my dear reader, while people will tell you to save a TON of money in those investment accounts, few address how safe that money really is.
The reality is that after the Equifax hack, it’s really not so safe. To be fair, we probably never were. Check out Mr. Money Mustache’s post on the mirage of safety. Still, if you’re going to go through all the trouble to call Equifax to freeze your credit (and hang up in frustration or get disconnected), you probably should also take a moment and tighten up that security (if you did already, I want to give you a virtual high five).
Assumption of the Average American
Before the Handy Millennial begins to proselytize about what the investment companies do or the steps you should take, let’s take a moment and see what you think about how safe you are. The Handy Millennial is willing to bet that you believe that in the case of fraud in your 401k (for example) you are covered.
Did he guess right?
Great! Now let’s see why that might be. Well, you’ve probably heard since you were little that money in the bank is insured by the Federal Government through something called the Federal Deposit Insurance Corporation (FDIC). (You do check for this when opening that new account for the $100 bonus, right? Right?!)
You probably also know, or at least have been told many times, that you should use a credit card because you aren’t liable for erroneous charges if you use one.
So obviously when we invest money, we follow the same logic right? In fact, to bring back my favorite frog picture, when you invest your money, you’re putting it somewhere very very safe… right? wink wink.
The truth is a bit different. You see, my dear reader, while in the past there were bank runs (think the Great Depression) and massive credit fraud, this is the first time in history that we have asked the average American to take charge of their own retirement investment. This means that the average American is now holding sometimes hundreds of thousands more dollars in savings than ever before. But the system has never been tested!! And that should scare your pants right off because the proverbial hammer is waiting to come right down onto your nest egg!!
Now what the Handy Millennial means here is that because millions of Americans have not yet lost their proverbial pants in a hack, the Government has not made any rules protecting them.
So what does actually exist? Good question. Answer: Company policies. You know the kind that end with “We reserve the right to change this policy at any time and without notice.”
But let’s see what those policies are. Today the Handy Millennial will review the policies of three major brokerages: Vanguard, Fidelity and Schwab. These three are frequently recommended in the personal finance community and are therefore good candidates for this discussion.
Now before the discussion begins, please understand that the Handy Millennial uses some or all of these companies. The Handy Millennial likes these companies and does not harbor ill will toward these companies. And the Handy Millennial understands that these policies are all well-intentioned and will most likely protect the consumer when and if they are needed.
But the Handy Millennial would like a guarantee that these policies will really hold if, say, the average FIRE enthusiast were to have SEVERAL HUNDRED THOUSAND dollars stolen from an account. One can easily see how it may be no problem if say $10,000 are stolen, but how a company might do a careful double take of all the bullet points if, say, $250,000 are stolen.
The Vanguard Policy
Ah Vanguard, the Handy Millennial’s personal favorite (seriously love these guys) and the white knight of the FIRE community. So what do they say?
Tag line: You are not responsible for fraudulent activity, as long as you follow our rules!
Great!! I’m so happy, now please what are the rules?
- Review your accounts regularly.
- Make strong passwords.
- Have unique answers to security questions.
- Don’t share your credentials.
- Don’t store your credentials in your browser.
- Clear your browser cache when you exit each time.
- Have an up to date anti-virus, anti-spyware, and firewall.
- Do not click on any emails asking for information and impersonating Vanguard.
- Cooperate with Vanguard when investigating – may include filing a police report, notarizing an affidavit and ACCESSING your computer.
Okay, if your eyes haven’t rolled into the back of your head yet, maybe they should. How many of these points are you following?
Here is a pro-tip from the Handy Millennial. When you read policies like this, learn to look for loopholes, i.e., learn to recognize when the company is leaving itself an out. Example, you may ask? Sure:
- Review your accounts regularly. What is regular please? Obviously it’s whatever Vanguard says, but since they never told you, they could always say you weren’t doing it regularly enough. Say you check your account monthly. Could they come back and say you should have done it weekly? Daily?
- Make strong passwords. When was the last time you checked the requirements? It’s easy to slip, computers get faster over time, and so the requirements get more complex. So what happens if the requirements change and you get hacked that week?
- Have an up-to-date anti-virus, etc. Tell me the last time you thought about this. Let’s say that you are a conscientious person and you bought a protection suite AND you pay your annual fee. Is that enough? How up-to-date? If you miss a daily virus file download, is that out of date?
You get the point. The main message here is that the lack of specifics makes this policy full of holes that can be exploited.
Why is this? Because there is no law protecting you. It’s up to the good faith of the company.
The Fidelity Policy
Moving on to Fidelity. A company whose name literally means commitment, and who therefore subconsciously makes you think they have your best interest in mind!
These guys (who BTW I also do like very much) have something called the Customer Protection Guarantee. Guarantee!! This is exciting; let’s see what’s in it.
It’s like a whole book you need to read, but basically it says that you are covered for everything in your account as long as you:
- Check your account information and promptly review correspondence, account statements, and confirmations no later than 30 days after they are available to you.
- Change your password if you are a victim of identity theft. (Equifax anyone??)
- Do not share your credentials.
- Set tough security questions.
- Create a unique user name.
- Use 2-factor Authentication.
- Download ID protection.
- Be careful downloading Apps on your phone. (No more fake candy crush!!)
- Learn signs your phone might be hacked.
- Install anti-virus.
- Ask your phone provider how to better secure your phone account, thereby safeguarding the two-factor authentication mode.
- Secure your home WiFi.
- Install and update anti-virus.
- Update your computer.
- Review your accounts monthly and set up transaction alerts.
- Switch to online statements.
- Pay attention to email notifications.
- Do not answer emails that ask for sensitive information.
- Browse with vigilance! (this is the Handy Millennial’s favorite)
- Log out when leaving a website.
- Look out for spoof websites.
- Use HTTPS.
- Download software carefully.
- Look at the website’s certificate of validation. (What’s this??)
- Keep your browser updated.
These guys do get credit for telling me how often I should be checking! Awesome, love you guys. Also, not a bad list of things you should be doing online anyway. But just like the points about Vanguard above: (A) How are you going to verify all this stuff? and (B) If you can’t verify it, am I still protected?
Again, lots of vagueness here that can be exploited.
The Schwab Policy
Last but not least, Schwab. The current king of low rates. To their credit, Schwab has the most straightforward policy. They call it the Security Guarantee! Love Love Love Guarantees!
Similar to the other guys, they cover you if you:
- Do not share your account credentials.
- Do not share any information used to authenticate you.
- Report unauthorized activities in a timely manner.
They also recommend that you adopt several additional steps to help secure your account:
- Check monthly statements.
- Keep your computer, browser, and firewall updated.
- Keep your anti-virus and your anti-spyware software updated.
- Check your security settings.
- Verify you contact Schwab on a secure website.
- Be cautious (i.e., don’t contact us) on public computers and WiFi.
- Be secure when you create your login ID and password.
- Add verbal authentication.
- Get a free security token.
First, wow!! even the Handy Millennial is surprised.
Of the three companies, Schwab was by far the best! Simple and direct. This is exactly what you want when you are reading these policies. Note that the unverifiable computer updates are only recommended. Sure, if you do not have an anti-virus software they might ding you, but saying recommended instead of MUST is a big, big deal. By simply saying recommended instead of must they are essentially saying that it would be nice if you did this, but we will cover your butt anyway.
The only point on which Schwab might be dinged is ambiguity about when to check your account. However, they do rectify this point by stating one should check their MONTHLY statements. So only a mild demerit here.
Handy Millennial Takeaway
Alright gang, time for a wrap-up, and more importantly for the Handy Millennial to make a point (unless of course you are simply around to hear his acerbic wit).
Well here it is: It’s the wild west out there, and it’s up to you to protect yourself.
First, if you’re just getting started, check out these policies and choose the one you are most comfortable with. Second, once you choose, do learn about how hacks happen and be smart. Hint: Most hacks go through the weakest link in the chain: the human. Third, don’t close your eyes and stick your head in the sand. You have no advantages when you act this way.
5 Steps to Take Now
Let’s get down to brass tacks: what should you do right now to keep your future and your nest egg safe? Well my dear reader, here are the top 5 steps that Handy Millennial would take.
- Learn what a phishing email is. Seriously, just stop and do it now. When you get an email, look at who sent it. Does it look legit? Also remember that a real institution would NEVER ask for any personal information via email. They would simply say log in to see your secure message. And they would never ask you to log in through the email.
- Use a password vault. You can use a free one like KeePass, or a paid one like Dashlane. Use the vault’s capability of generating random passwords. Don’t forget to specify all the investment account’s rules for the passwords. The paid ones do have the advantage of being able to replace your passwords automatically. The disadvantage is that they keep your passwords stored in the cloud. Be smart and keep this up to date.
- Turn on 2-factor authentication on every account you can. Do not bypass 2-factor authentication on any account by saving passwords on your computer or by storing your computer. Saving login information in your browser is easy, mindless, and hackable.
- Sign up for online statements. Do it now. Why are you getting paper in the mail anyway? Do you hate your planet so much?
- Get a security suite. It’s hard to recommend one, but get something you are familiar with. Popular names include McAfee and Symantec and this Russian company that has been in the news lately…
1 Step to Take Weekly
- Check your account WEEKLY. Yes, the Handy Millennial recommends that you log in and read your investment account weekly! But wait wait Mr. HM, Jack Bogle told me to never look. Well my dear reader, Jack is trying to protect you from yourself, but you can be a big boy and not freak out when the number is a dollar lower, right? Right?!
So there you have it my dear reader, a brief discussion on whether you are covered if someone were to steal from your investment. As you can see, the news is mixed – some good some bad – but in the absence of a national law mandating where the liability for fraud lies, you must be vigilant to protect yourself.
Lastly, the Handy Millennial wants to reaffirm that he is not against Vanguard, Fidelity or Schwab. On the contrary, the Handy Millennial likes and respects these companies. However, the Handy Millennial likes and respects his readers more and would like them to take the necessary precautions to make sure their nest egg is there when they need it most.