Because the average investment account boasts a much larger balance than a typical checking or savings account, cybercriminals are particularly interested in hacking them. Financial institutions are largely responsible for ensuring the security of these accounts, but business customers and consumers also should adopt defensive measures. Here are five recommendations.

1. Select two-step authentication: Most financial service providers give customers the option of using a two-step verification process to prevent unauthorized access to their accounts. A two-step approach requires you both to log in to your account with a password and to verify your identity with, for example, a one-time code sent to your mobile phone.
2. Choose complex and unique passwords: Criminals often gain access to bank and investment accounts thanks to weak passwords — or because an accountholder uses the same password for multiple accounts. Make sure you use complex, unique passwords with upper- and lower-case letters, special characters, and numbers for every investment account you maintain.
3. Establish account alerts: In addition to reviewing your monthly account statement for unauthorized transactions, request that your investment institution notifies you via email or text of all account activity. For example, the financial company should confirm buy or sell orders or transfer requests. If you receive a message regarding a transaction or transfer you did not authorize, contact your investment company immediately.
4. Consider biometrics: Certain devices, including many mobile phones and some laptops, support the use of biometrics, such as face recognition or fingerprint scans. Using biometrics can seem inconvenient at first, but criminals find it almost impossible to foil this unique form of verification.
5. Exercise caution with emails: To prevent the installation of malware that can steal account passwords, open emails with caution. If you receive an email from a business or service provider, do not click on any links. Instead, type in the business’ website address and log in to your account that way. If the spelling, grammar, and structure of an email appears unprofessional or suspicious, delete the email and remove it from your deleted email folder. Finally, keep antivirus and malware detection software updated.

Protecting investment accounts takes a multi-layered approach and constant vigilance. Although your financial service provider likely uses state-of-the-art security to fend off cybercriminals, you also must do your part.