Trader Using Laptop
AskTraders™ Presents

The Complete Cyber Security Guide for Trading Beginners

Learn More

Dislaimer: Owing to the outbreak of Covid-19, more people are using the internet at one time than ever before. During this period, there has been a rise in cyber crime rates. Be sure to stay extra vigilant when you trade online.

If you’re thinking of getting into online trading, or have just started, there’s a lot to get your head around. Whether you’re working out which broker you’d like to trade through, or trying to figure out how this is all going to affect your tax, there’s plenty to think about.

With so much to consider, one area which might go dangerously neglected is the potential threat of a cyber attack. You’re likely to be dealing with large sums of money. That’s going to naturally draw attention from prying eyes.

But while you’d be right to be concerned about the impact of cyber crime, it would be wrong to panic. This guide will provide any trading beginners with a detailed breakdown of how cyber criminals might try to target them, as well as how to stop it from happening.

It will also look at the more general issues of cyber security within the stock market as a whole. While these are both very different forms of attack, they are equally dangerous from a financial perspective. Let’s discover how to best stay safe when you’re taking your first steps into the world of trading.

Contents
Chapter 1
A history of online trading and advice for new traders
  • A brief background on online trading
  • Advice to new traders
Learn More
Chapter 2
Common types of cyber attacks on traders
  • How cyber criminals target the stock exchange
  • How cyber criminals target traders
  • What they do with your private information
  • The risks of using an unregulated broker
Learn More
Chapter 3
How to protect yourself against cyber attacks
  • Areas of cyber security management
  • What to look for in a trusted trading platform
  • Crypto currency trading safety
  • Steps to protect your personal devices
Learn More
Chapter 4
What to do if you become a victim of cyber crime
  • The impact of a cyber attack on your stock value
  • What to do if you become a victim of data theft
  • Turning to the authorities
Learn More
Chapter 5
Further reading
  • Secondary reading material
  • Useful links
Learn More
Stock Market Screen
Chapter 1

A history of online trading and advice for new traders

It’s hard to know where to start when you first begin trading. Before we sink our teeth into the nuances of cyber security, let’s take a look at what you can do to set yourself up for the best possible start to your trading career.

A brief history of online trading

To understand the nuances of stock trading, we need to take a look back across the entire history of the sector. From its humble roots in the 14th century, to the current online landscape, here is a step-by-step breakdown every trader should familiarise themselves with.
1300s-1500s (Debt trading)
The earliest recorded form of trading can be traced back as far as the 14th century. Venice would emerge as the trading capital of the medieval world, with lenders trading risky (high interest) loans between each other. When they realised they could also sell the loans to average citizens, they started a movement which has persisted to this day.
1600s (Stock trading)
The Dutch East India Company was the first (known) corporation to officially introduce the concept of stocks. In 1602 they held their first IPO (initial public offering), where investors could try to make a profit from their ships’ long voyages across the sea. Eventually, the concept of trading these fluctuating stocks with brokers (during what would be two-to-three-year-long journeys) became popular.
1792 (NYSE)
We skip forward nearly 200 years now to the creation of one of the most financially important institutions in the world – the New York Stock Exchange. The original 24 brokers held their first meeting under a buttonwood tree. Suffice to say things have come a long way since.
1969 (ECN technology)
The electronic communication network changed the way stock was traded forever. It allowed traders to see change in value in real-time (unheard of until that point), and naturally drew the attention of businesses the world over.
1971 (NASDAQ)
It wouldn’t take too long for an institution to utilise ECN technology successfully. NASDAQ (the National Association of Securities Dealers Automated Quotations) were the first to introduce true online trading. When they started in the 70s, traders would still rely on human broker input (this is where the iconic image of hundreds of brokers yelling and giving elaborate hand signals comes from). By the 80s, most stocks were phoned in. And by the 90s, with the prevalence of the internet, the whole process became a lot smoother and far more akin to the modern way of trading.
1987 (Black Monday)
While Black Monday is correctly remembered as a negative, there were pros to come out of it. When the stock market experienced its largest single day decline, brokers were so inundated with calls that they stopped answering their phones. This led to the invention of the Small Order Execution System. In short, this allowed all investors (small or big) to have guaranteed electronic trading at all times.
ew York Stock Exchange
New York Stock Exchange
2000 (Expansion & Day Trading)
The turn of the century saw a boom in the number of online brokerage firms. From just the 14 in 1990, there were over 200 by the year 2001. This meant day trading (committing to trading as a full-time job) soon became plausible.
From just the 14 in 1990, there were over 200 by the year 2001.
2020 (Some stability)
The world of online trading has reached a comfortable lull across the past decade or so. That’s ultimately a good thing, with the market stabilising and trading technologies progressing at a more natural rate. The only question which remains is how the recent COVID-19 pandemic might affect that.

Source: Be Businessed

From just the 14 in 1990, there were over 200 by the year 2001.
Having an understanding of how we got to where we are today is useful. But it’s not as integral as making the right decisions when you trade.

Advice to new traders

You’ve decided to become a trader. That’s great. There’s a whole new world of opportunities available. But knowing how to start your journey in earnest is tough. Here are some snippets of top level advice which should point you in the right direction.
Manage funds
Make sure whatever you’re trading with is surplus cash which you’ve set aside knowing you can afford to lose. Most traders often utilise the one percent rule. That is to say, they won’t spend more than 1% of their entire trading account on any one trade. This is smart, as it means you’re limited to what you can ultimately lose if a trade flops.
Commit time
Trading takes time and effort. You can’t just expect to come home from a full working day and then freely trade through the evening (after all, it’s called day trading for a reason). While the odd small investment here and there can be managed in this way, full-time traders need to dedicate basically their entire working day to the practice.
Avoid penny stocks
Cheaper stock might seem like a good way to make quick wins, but there really is very little actual reward in it. Most stock under £5 will often become delisted after a short while, making trading in them a little pointless.
Man using laptop
Trading takes time and effort.
Cut losses with limit orders
When you enter and exit trades, you can use either market orders or limit orders. With a market order, your trade is executed at the best price available at the time. That means you have no price guarantee. Limit orders are a lot more precise, meaning you can control exactly how much you might lose.
Stick to your plan
This is especially true if you have a tried and tested method which you know works. While you need to act quickly in the world of trading, that doesn’t mean making rash decisions. Everything needs to be calculated.
Now you have a clearer picture of the world you’re entering into, it’s important to learn more about one of its most controllable risks. While you can’t have as much say on the natural ups and downs of the stock market, you can protect yourself against cyber attacks. Let’s look closer at how cyber crimes are committed, and what you can do to stop them.
Man on Laptop
Chapter 2

Common types of cyber attacks on traders

For as long as money has been transferred across the internet, there have been cyber criminals lurking in the shadows waiting to pounce. While traditional cyber attacks usually focus on the stripping of personal data, large scale efforts are sometimes employed to impact the stock market as a whole. When you first start trading, it’s important to understand as much as you can about both types of crime.

When you first start trading, it’s important to understand as much as you can about both types of crime.

How cyber criminals target the stock exchange

We often associate the term “cyber crime” with the stripping of personal information from a single individual – and with good reason. This is a common problem, with a reported 4.5 million cyber attacks officially committed in the UK in 2018 alone. But while those figures are alarming – and certainly something we’ll be addressing – it’s also key to note a different breed of cyber crime. Criminals don’t just target individual traders. Sometimes they get confident enough to attack the stock market as a whole. These attacks are often carried out through three primary methods:
Insider trading
When information which is meant to be secret or confidential is used to influence trading decisions, the practice is known as insider trading. It’s highly illegal, owing to the way in which it effectively manipulates the market for a guaranteed win.
Price manipulation
This occurs when someone begins to overvalue certain stock on the market. In extreme cases, an entire network of people might all overbid on a certain stock, leading to misleading figures regarding its true value.
Release of false or misleading information
This is similar to price manipulation, although it occurs without any bidding from the guilty party taking place. Fake information is created and shared, offering misleading statistics about the true value of stock.
By attacking the stock exchange, everyone will be affected in some way. In truth, you have limited control over this. When it does happen, make sure to gather as much information as you can, and turn to trained specialists for advice Your focus needs to be on protecting yourself and your assets. We’ll now explore how best to do that.
4.5 million cyber attacks officially committed in the UK in 2018 alone. Office For National Statistics

How cyber criminals target traders

Again, there’s more than one way an individual trader might be targeted online. Whether it’s via schemes which purposefully mislead a trader, or outright attempts to steal your private data, cyber criminals have a series of tactics they’ll employ.

Pump and dump schemes
This works along the same lines as some of the attacks on the greater market as a whole. Scammers will artificially inflate the price of certain stocks, then encourage unknowing traders to buy in (the “pump” phase). When the overvalued shares reach a zenith, the fraudsters dump their stock and reap the rewards. The traders caught up in the scheme will then quickly see their stock plummet.
Front-running
It’s becoming far too regular to see headlines relating to cyber criminals targeting organisations for their confidential information. When they are able to breach a system, the data which is stolen can be used to make informed decisions about whether to invest or sell stock in a business. While this is more of an issue for the specific company in question, it can have a direct impact on individual traders if they have stock in that business.
Personal data attacks
The very financial nature of the world of trading lends itself to more technologically advanced cyber criminals. While most of what we’ve discussed so far has related more closely to market manipulation, it would be wrong to overlook the threat of an online attack. Details stolen are usually related to sensitive financial information, like your bank account or card details. In some cases, though, stuff like your address might also be taken and logged. This is most often carried out through breaches in the broker platform you’ve chosen to trade with. While you won’t be able to control security issues on their end, you can do thorough research to decide which platform works best for you.
This might all sound alarming, but try not to panic. Keep reading if you want advice on how to both prevent and recover from one of these attacks.
Credit Card
Details stolen are usually related to sensitive financial information.

What they do with your private information

While it’s quite obvious what scammers get out of a pump and dump or front-running attack, in the case of individual data attacks things are a little different. Criminals will use your personal data for a number of reasons. Some of the most common include things like:
Selling personal information
If a criminal gets their hands on personal information like names, addresses and phone numbers, these can be sold in bulk. These data packages will be bought by a number of sources. They could be purchased by an individual looking to cloak their own online actions, or even a rival company looking to discover more about a business.
Commit identity theft
Likewise, a criminal might cut out the middleman and use someone’s personal info to adopt an alter ego. They can use information they’ve gathered to access your personal accounts, or again use your details to mask their own online activities – ensuring they don’t leave a breadcrumb trail.
Use the information on the market
In some instances a wily criminal might even use what they’ve learned for their own financial gain. If they have knowledge of the stock market, or a close contact who does, they could use the information they’ve gathered to make seemingly shrewd trading decisions.
Stealing Personal Information
Stealing someone’s personal info to adopt an alter ego.
Ultimately, they’re looking to adopt a hidden identity, to mask as much as they can about their own online interactions.

The risks of using an unregulated broker

Sadly, sometimes it’s those you work most closely with who can place you in danger. Brokers are ultimately in the business of trading stock to make money. Not all of them care if their actions directly result in a loss for other people. Most traders are protected because they use licensed brokers, who’ve been regulated by the Financial Conduct Authority. However, it isn’t totally uncommon for traders to go through unregulated brokers as well.

Naturally, this raises a number of potential risks. Broker fraud isn’t unheard of in these instances. Some of the ways this will happen include:

Unauthorised trading
If your stockbroker has ever made a trade on your account which you didn’t authorise, there’s a chance they’ve committed investment fraud. A broker should only ever trade on your behalf if you give them discretionary authority or permission to do so.
Stop-loss hunting
If you’re using an unregulated market maker, they’ll be able to trigger your stop-loss value – either prematurely, or by influencing the market value. That means if you bought shares for £50, and have a stop-less automatic sale value of £47, they’ll manipulate prices in order to force through a trade. They take commission on this transaction, which is what sees them profit illegally.
Signal sellers
These will promise quick and easy profits, citing a detailed knowledge of the market, with insider information. Often, someone will be asked to pay a fee to gain access to this insider knowledge. From there, what happens with your money is anyone’s guess. The broker could provide good advice, but equally they might give you nonsense.
Trading robot sellers
Robot traders are akin to something out of a sci-fi novel. Brokers will claim their AI have the analytical capabilities to spot gaps in the market, and make cutting-edge trades. In reality, any movement they carry out will be totally random – or potentially even damaging to you. Try to avoid brokers who use this as a part of their trading strategy, without any evidence to back up their claims. If it sounds too good to be true, it usually is.
Manipulation of bid and ask spreads
This is less common than it used to be, owing to the improved knowledge of most first-time traders. Before information was readily available online, it wasn’t uncommon for unregulated brokers to take too large a cut of commission on bids and ask spreads. With no regulation, it’s on the trader to know when they’re being exploited.
It’s important to note that just because you lost money after interaction with a broker, it doesn’t necessarily mean you’ve fallen victim to fraud. The market constantly fluctuates, and investments don’t always work out. However, if a broker has intentionally provided misleading or false information, you’ve become the victim of broker fraud. Don’t run the risk by using an unregulated service.

Unregulated brokers on the current market to avoid include:

  • AMFX
  • Banco FX or Banko FX
  • TFX Traders
  • Golden Green FX Limited

Don’t make the mistake of turning to a name you don’t know you can trust.

Robot traders are akin to something out of a sci-fi novel.
Man on Laptop
Chapter 3

How to protect yourself against cyber attacks

In a lot of cases, your personal data will be stolen as a result of a breach in security of the trading platform you’re using. As such, it’s important to understand the risks posed, as well as know what to look for when choosing the right platform for you.

Areas of cyber security management

Cyber security management can ultimately be broken down into four key sections. Each area consists of a variety of cyber security factors, which a trading platform needs to be in complete control of.
Govern
This is the area which focuses on ensuring there’s a strict cyber security policy in place. Someone within the infrastructure of the platform’s company needs to be managing security risks, and constantly monitoring both the policy and potential threats.
Prevent
This is arguably the most important aspect of data protection. The best way to fight cyber crime is to stop it from happening in the first place. This involves heightening security levels across the software as a whole to stop any potential breaches.
Detect
In the unfortunate event data is stolen, the sooner a platform knows about it, the better. A smart way of doing this is by running regular checks to see if a test agent penetrating the system triggers the desired response.
Respond
Once a problem is detected, a platform needs to respond. Ideally, there should be contingency plans in place to account for the worst – even if the software provider doesn’t think it’s likely to happen.

It’s important a trading platform has a strong hold over each of these facets of data security. But how can you know that one does?

What to look for in a trusted trading platform

We’ve looked at the key areas a digital platform needs to consider in order to safely manage your personal information. Now it’s time to work out if the software you’ve chosen to trade through can be trusted to do that. Do your research and ask as many questions about security procedures as possible. Using the four key areas of cyber security, let’s look at what you need to know about the platform you intend to use.
Govern Controls
The trick here is working out how the company stays on top of cyber security as a whole. Ask about staff’s knowledge of staying protected, as well as any risk assessments which are carried out to assess the software. Most importantly, do they have a formalised cyber security management procedure in place?
Prevent Controls
As the most important stage of any cyber security system, there are a lot of things to look for here. You’ll want to suss out if the platform uses password controls, as well as a secure authentication process. Do they test their security regularly? And is there effective management of the system as a whole?
Detect Controls
Ask about the steps which the platform takes to prevent data leakage, even if there is a breach. You might even want to find out how the system dealt with any leaks in the past, as well as how they followed up on potentially fraudulent websites or mobile applications.
Respond Controls
How does the platform react to a breach? Is there a data back-up plan? Will the problem instantly be handed over to an incident response team? As we’ve discussed, the speed at which someone reacts to a breach of data is a large determining factor in mitigating loss.

Be sure to assess each of these factors thoroughly. If you don’t feel convinced the platform is going to properly protect you, look elsewhere and repeat the process. Don’t settle for cheap rates in favour of a lack of security.

Crypto currency trading safety

Cryptocurrency was a revelation when it hit mainstream media back in 2017. While the buzz has definitely mellowed since then, it still remains a popular and viable asset to trade. Unsurprisingly, given the quantity of money being traded online, this has stood out as a target for hackers since day one. There have already been a huge number of hacks to date, stretching as far back as 2011. Some of the ways your money can be targeted include:
  • Your personal wallet being hacked
  • Your PC being attacked and bitcoins stripped
  • Sending money accidentally to the wrong person
You’d be right to be concerned about the potential dangers of such an attack. But don’t let it scare you. There are a number of proactive steps you can take to prevent this very real cyber threat from having too much of an impact on your finances.
Two-factor-authentication
Setting up this kind of security measure for any account associated with your cryptocurrency is a good way to stop hackers. It requires you to enter your regular password, followed by a one-time six digit code. This code only lasts for 30 seconds, making it much trickier for anyone to gain access.
Spread your currency across several wallets
While this snippet of advice doesn’t focus on outright protection, it is a good way of safeguarding. Spreading your assets across several pots means even if one falls victim to an attack, you won’t lose everything.
Include an ad blocker
A lot of phishing attacks are distributed through ads. That means the best way to prevent yourself from being targeted is to include an ad blocker on your personal device. That way you don’t ever have to worry about whether an advert you’re seeing is legitimate or not.
Find a secure email provider
Using a platform like Gmail means you’re giving permission for Google to store and track your activity. While you shouldn’t have to worry about anyone working for the search engine, it does mean there’s a recorded file of all your passwords and personal information. This could be attacked by a hacker. Instead, think about using a secure mail service like ProtonMail.
Stealing someone’s personal info
Stealing someone’s personal info to adopt an alter ego.
Use your own VPN
A Virtual Private Network works by cloaking your activities online. It hides your IP address, making it incredibly hard for anyone to track what you’re doing online. Most have military-grade security protocols in place, but can sometimes slow down your internet speed.
Cryptocurrency is still finding its feet somewhat on the global stage. Shrewd investors would do well to take advantage of that. Just be sure you’re taking all the right steps to protect your finances in the process.

Steps to protect your personal devices

While you don’t have as much control over cyber attacks targeted towards your trading platform, your personal computer is a completely different matter. It’s up to you to make sure this is protected from would-be criminals. Some of the best ways to do that include:
Boundary firewalls and gateways
A firewall will effectively prevent anything untoward from getting through to your system. It will alert you about suspicious downloads, as well as preventing your computer from connecting with malicious website domains.
Malware protection
Malware hides on your computer, feeding back information to a third party. A good malware protection system will establish and maintain defences which ensure that can’t happen.
Update all software
One of the biggest mistakes anyone can make is failing to update the software on their devices. These will often include patches, which plug any gaps left behind by programming oversights. If you don’t update, you’re leaving yourself heavily exposed.
Regular password maintenance
Don’t negate the need to regularly change and assess the strength of your passwords. Think about changing them once a month in order to heighten your personal security.
The responsibility of your own property is always yours. Follow this advice and you’ll make it considerably harder for a cyber criminal to make you a victim.
A firewall will effectively prevent anything untoward from getting through to your system.
Man on Laptop
Chapter 4

What to do if you become a victim of cyber crime

Sadly, sometimes even the best security measures can fall victim to an attack. Let’s now look at how this could impact both a trader and the value of stock, as well as the steps you need to take to recover.

The impact of a cyber attack on your stock value

Large scale attacks on the market as a whole can have a big impact on the value of your stock. But that doesn’t mean you should panic and sell up. Comparitech carried out an intricate and fascinating study, which highlighted what a trader can expect to happen when a company they have stock in experiences such a breach. There were a lot of fascinating results, but the most functional findings for traders were that:
Share prices reach an average fall of 7.27%, which usually occurs around 14 days after the initial breach.
Companies affected by a breach underperformed for the years following. While they did recover value, they were comparatively weaker against the NASDAQ.
Finance and payment companies experienced the largest drop in share price performance, with healthcare companies the least affected.
It takes about a month for share prices to rebound and catch up with the NASDAQ performance average.
The report ultimately found that while stocks did crash as a result of a breach, there was an eventual recovery. However, the stock still underperformed in comparison to the NASDAQ average. Smart traders might want to think about how they could benefit from that. If you notice a company’s stock has dropped as a result of a breach, waiting until 14 days after the initial attack before investing could see you make the largest profits.

What to do if you become a victim of data theft

While it takes calculated tactical decisions to recover from the impact cyber crime has on a company you trade stock in, it’s a different matter when your personal information is stolen. There are steps you can immediately take to reduce the damage.
Keep the evidence
Keep all shreds of evidence which relate to what happened. That means things like receipts, bills, cancelled cheques and even chatroom text messages if you have them. This information is all incredibly useful when it comes to proving your innocence.
Change all passwords
Once you know a breach has happened, it’s time to change all the passwords for your other accounts. That’s especially true if you have the same (or a similar) password for them as you do for whatever account was breached.
Close all credit accounts
Likewise, it’s important to close all accounts which are in any way related ones which have been breached. Let the banks know, and keep records of what’s been taken in the case of financial loss.
Once you know a breach has happened, it’s time to change all the passwords for your other accounts.
Report the crime
Tell the appropriate authorities about what’s happened. There may be more than one place you can turn to. We’ll look at the best institutions to get in contact with in the next section.
Once you know a breach has happened, it’s time to change all the passwords for your other accounts.
Ultimately, it’s important you know the exact channel to turn to when you become a victim. The speed at which you respond to a cyber crime can have a huge impact on how well you recover.

Turning to the authorities

Don’t delay in turning to a figure of authority once you’ve become the victim of a crime. It’s understandable if you’ve never experienced a cyber attack before that you might not know who to contact. Here is a list of some of the most useful names.
The police
Things have come a long way across the past couple of decades. While they might have struggled to comprehend the concept of cyber crime at the turn of the century, the police are now well versed in this breed of crime. Call 101, instead of the traditional 999, for a streamlined service.
Your bank
Naturally, there’s a good chance you’ve lost out financially in some way as a result of a cyber attack. Letting your bank know means you can be provided with emergency replacement funds if you need them. You may be asked to file a report of what happened with the bank in order to keep this money, although this isn’t always a requirement.
Action Fraud
These organisations are here to help, so be patient and clear with them about your problems. They’ll do whatever they can to help you recover any financial losses as soon as possible.