Skip to main content

Online security DOs and DON’Ts

Security concerns apply inherently to all online platforms. Choosing an online platform with adequate security measures would help to protect yourself, but is this good enough? Your personal online practices play a significant role in helping to protect yourself as well.

  • Keep track of all your trades closely. Log on to your online account regularly, or when you receive an e-statement alert from your online platform, and review all transactions promptly. Beware of any suspicious or unauthorised transactions.
  • Set a strong password. Change it regularly and avoid recycling the same password. If your online platform provides you with a security token, keep it in a safe place.
  • Watch out for any unauthorised changes to your account information such as telephone number, email address and login password.
  • Type the website address (URL) or use a bookmark to enter the website of your online platform. Avoid accessing the website through a hyperlink embedded in an email, internet search engine or suspicious pop-up window.
  • Use a secured computer or mobile device. Always log out of the website, app or system after completing your trade.
  • To protect your computer or mobile device, activate the auto-lock function; install reputable anti-virus, anti-spyware and anti-malware programmes and update them as and when they are released; set up a personal firewall.
  • Use the latest versions of operating system, apps, software and browser. Keep software up-to-date.
  • Use your own network and avoid public Wi-Fi network for online investing/banking. Disable the auto-connected function at your mobile devices and turn off the Wi-Fi when not in use. If you need to use a third party’s Wi-Fi network, make sure it is trustworthy and encrypted. Do not use unknown or dubious Wi-Fi network.
  • Always consider the data security and privacy when you download and install any software and apps into your computer and mobile device.
  • Don't disclose the login ID and password of your online account to any person or respond to any unverified requests. Intermediaries do not normally contact customers for personal information by email and do not ask customers to disclose their account passwords or details. Check with your intermediary if in doubt.
  • Don't store your password in computers, mobile phones, and don't use a single password for all your accounts e.g. email account or banking account.
  • Don't log in to your online account when you see unusual pop-up messages on the screen, or if the computer response is abnormal, and when unexpected steps or information are required.
  • Don't use public computers or network connections to access your online account.
  • Don't share your computer or mobile device used to access to your online account with others.
  • Don't download and install any unknown software.


16 April 2018