skip to content
Primary navigation
Feature image for


Our mission is to protect the public interest, advocate for Minnesota consumers, ensure a strong, competitive and fair marketplace, strengthen the state’s economic future; and serve as a trusted public resource for consumers and businesses.

Commerce Department urges investors to keep their personal information safe and ask questions about cybersecurity

10/10/2017 9:59:29 AM

SAINT PAUL, MN -- October is both Cybersecurity Month and Financial Planning Month, which presents an opportunity for investors to practice good internet security habits when using online investment accounts. The Commerce Department also recommends that investors ask questions and get information from their financial professionals about their cybersecurity practices to protect their personal information. A recent examination of investment advisers by state securities regulators including Minnesota revealed nearly 700 deficiencies in cybersecurity.

“With recent widespread data breaches in the news, investors have good reason to be concerned about the safety of their financial information,” said Commerce Commissioner Mike Rothman. “Commerce has provided guidance to our regulated industries to take appropriate measures to protect customers’ accounts and prevent any fraudulent activity from breaches. Investors can also take proactive measures to secure their accounts. ”

Commerce offers investors the following best practices with online accounts:

  • Protect your online accounts: Create a strong password and use different passwords for different accounts. If one password were compromised, all of your accounts using that password would be vulnerable too. Remember to change your password every few months. 
  • Access your accounts safely: Make sure your anti-virus, firewall and other security software are up-to-date. Avoid using public wireless networks that don’t require a password. Check for the padlock icon in the corner of the browser that signals the website you are using is encrypted and be sure to log out of your account when you are finished.
  • Monitor for suspicious activity: Regularly monitor your online bank accounts. Keep track of your transactions so that you can spot suspicious activity and report it as fast as possible. 
  • Update software regularly. Run software updates on your home and business computers.

/commerce/consumers/your-money/protect/index.jspMore guidance on protecting financial information is on the Commerce website. 

As an investor, you should also hold your investment and financial professionals accountable for cybersecurity. Think about the safety of your personal financial information, and talk with your investment professionals about what steps firms are taking to safeguard client information.

Ask questions about cyber-security. Before you make an investment, be sure the firm or individual selling you the product has a satisfactory plan in place to protect your private financial information from cybersecurity threats. The Commerce Department suggests using the following questions to assess the strength of a firm’s or individual’s cybersecurity.

  • Cyber preparedness: Has the firm addressed which cybersecurity threats and vulnerabilities may impact its business?
  • Cybersecurity compliance program: Does the firm have written policies, procedures, or training programs in place regarding safeguarding client information?
  • Cyber insurance: Does the firm maintain insurance coverage for cybersecurity?
  • Cyber expertise: Has the firm engaged an outside consultant to provide cybersecurity services for your firm?
  • Cyber confidentiality: Does the firm have confidentiality agreements with any third-party service providers with access to the firm’s information technology systems?
  • Cyber incident: Has the firm ever experienced a cybersecurity incident where, directly or indirectly, theft, loss, unauthorized exposure, use of, or access to customer information occurred? If so, has the firm taken steps to close any gaps in its cybersecurity infrastructure?
  • Cybersecurity safeguards: Does the firm use safeguards such as encryption, antivirus and anti-malware programs? Does the firm contact clients via email or other electronic messaging, and if so, does the firm use secure email or any procedures to authenticate client instructions received via email or electronic messaging, to work against the possibility of a client being impersonated?
back to top