• Protect your passwords for your online financial accounts. Keep passwords in a secure place, and don’t share them on the Internet, over email, or on the phone.
• Use anti-virus and anti-spyware software, and a firewall, and keep them up-to-date. If your firewall was shipped in the "off" mode, be sure to turn it on and set it up properly.
• Avoid using public or other shared computers to access your online financial accounts, and use extra caution when using your own computer in a wireless “hot spot.”
• Don’t believe everything you read in online newsletters, investing blogs, or bulletin boards.  Fraud artists often float false information and “hot tips” as part of their efforts to rip-off investors or manipulate the market for a particular security.
• Turn to unbiased sources when researching investments, such as the U.S. Securities and Exchange Commission, your state securities regulator, and securities industry self-regulatory organizations (including FINRA, Amex, and Nasdaq).

Protect your personal information. If you get an email or pop-up message asking for personal information, don't reply or click on the link in the message. Email is not a secure way to transmit personal information, and you don’t want to risk downloading a virus or piece of spyware that can log your key-strokes when you type in an account number, password, or PIN. The safest course of action is not to respond to requests for your personal or financial information. If you believe there may be a need for such information by a company with which you have an account, contact that company directly in a way you know to be genuine.

Don't access your online financial accounts until you have checked for indicators that the site is secure, like a key or closed padlock icon on the browser's status bar or a website URL that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some scammers have forged security icons.

Hackers may try to figure out your passwords to gain access to your computer and your finances. You can make that less likely by:

• Using passwords that have at least eight characters and include numbers or symbols. The longer your password is, the tougher it is for a hacker to discover it.
• Avoiding common words: some hackers use programs that can try every word in the dictionary.
• Not using your personal information, your login name, or adjacent keys on the keyboard as passwords.
• Changing your passwords regularly (at a minimum, every 90 days).
• Not using the same password for each online account you access.

Use anti-virus and anti-spyware software, and a firewall, and keep them up-to-date. These programs are a must-have if you make financial transactions online.  Look for anti-virus software that removes or quarantines viruses, and for anti-spyware software that can undo changes spyware makes to your system; check that both programs will update automatically.  It’s also important to keep your operating system up-to-date with the latest security patches.

Use a Security Token (if available). Using a security token can make it even harder for an identity thief to access your online investment account. That's because these small number-generating devices offer a second layer of security — a one-time pass-code that typically changes every 30 or 60 seconds. These unpredictable pass-codes can frustrate identity thieves.

Many cafes, hotels, airports, and other public establishments offer wireless networks for use by their customers. These “hot spots” are convenient, but they may not be secure. Ask the proprietor what security measures are in place. Regardless, if you have personal, financial, or other sensitive information on your computer, you may decide that accessing your online investment account — or any account, for that matter — through a public wireless connection isn't worth the security risk.