According to S&P Global*, cyber attacks are among the top geopolitical risks of 2025, underscoring how digital threats have become a central part of global security and economic stability. While these large-scale risks tend to dominate headlines, individual investors are not immune. Cybercriminals often exploit the same tools and tactics used in global cyber warfare — phishing, data breaches, and malware — to target personal investment accounts. For self-directed investors, this means one thing: protecting your online accounts is essential.
Here are some of the things that self-directed investors should consider about cybersecurity:
Foundational Security Practices
Think of your online password(s) as the lock on your front door — you wouldn’t use the same key everywhere. Each account should ideally have its own long, complex, and unique password. A reputable password manager can generate and assist with more safely storing passwords for all your accounts, so you don’t have to remember them all, or write them down somewhere they could be found.
Additionally, investors should be very selective and cautious in sharing confidential information — even small pieces of information can help scammers target you.
Enable Multi-Factor Authentication (MFA)
The Government of Canada recommends that all investors turn on two-factor or multi-factor authentication (MFA). MFA adds an extra verification step before access to accounts is granted, increasing your account’s security. Whenever possible, it is generally recommended to use an authenticator app or hardware key instead of SMS codes, which can be intercepted.
Keep Software and Devices Updated
Outdated software can create easy openings for hackers. Investors are advised to keep antivirus and anti-malware software current, enable firewalls, and regularly update operating systems and browsers. These updates don’t just improve performance — they can strengthen your defence.
Always Log Out Completely
Simply closing a browser window isn’t enough. Ideally, you should use your platform’s official “Log Out” function and clear your cache after each session. Even a few minutes of inactivity on your part can provide an opportunity for unauthorized access.
Be Careful with Wi-Fi and Public Networks
It is a good practice to avoid conducting financial transactions on unsecured or public Wi-Fi. If you must check your portfolio while travelling, you should try to use a reputable VPN (Virtual Private Network). At home, you should consider protecting your Wi-Fi with a strong password and WPA2 or WPA3 encryption.
Stay Alert to Phishing and Social Engineering
If you receive an unexpected email, text, or call claiming to be from your broker or bank, pause before responding. Try to confirm the legitimacy of the source. Qtrade provides resources to help investors spot phishing (email scams), smishing (SMS scams), and typosquatting (fake websites that mimic real ones). When in doubt, you can go directly to the official website for information. Never click suspicious links or attachments.
Be Skeptical of “Guaranteed” Investment Offers
They say that if “if it sounds too good to be true, it probably is.” Be cautious of unsolicited messages promising high returns with little or no risk — these are common signs of fraud. Always verify offers independently and never transfer money or share information until you’ve confirmed the source’s legitimacy.
Back Up Digital Assets Securely
If you hold digital assets such as cryptocurrency, it is a good idea to store them offline in hardware wallets (cold storage) and to keep backup keys or recovery phrases in a secure, separate location.
Cybersecurity doesn’t have to be complicated — it’s about consistent, mindful habits. By following these practices and using the tools your platform provides, you can reduce risk and better protect your investments from online threats.
Account Monitoring and Due Diligence/ Check Your Accounts Regularly
Review your statements, trade confirmations, and transaction history frequently. Most platforms, including Qtrade, allow you to set alerts for logins, withdrawals, or changes to personal information. The sooner you detect suspicious activity, the faster you can respond.
Know Your Platform’s Protections
Choose a brokerage with strong cybersecurity policies and clear guarantees. Qtrade’s Internet Security Guarantee covers losses from unauthorized online transactions under specific conditions. Ultimately, understanding your platform’s security coverage — and its limits — is a key part of responsible investing.
*The S&P Global are the products of S&P Dow Jones Indices LLC or its affiliates (“SPDJI”) and TSX Inc. (“TSX”). Standard & Poor’s® and S&P® are registered trademarks of Standard & Poor’s Financial Services LLC (“S&P”); Dow Jones® is a registered trademark of Dow Jones Trademark Holdings LLC (“Dow Jones”); and TSX® is a registered trademark of TSX. SPDJI, Dow Jones, S&P, their respective affiliates and TSX do not sponsor, endorse, sell or promote any products based on the Indices and none of such parties make any representation regarding the advisability of investing in such product(s) nor do they have any liability for any errors, omissions or interruptions of the Indices or any data related thereto.