A suggestion to get brokerages to clarify their security protocol

Discussion in 'Networking and Security' started by theakson, May 16, 2021.

  1. theakson


    Hi all
    I contacting all my brokerage account with the following request for OFFICIAL, on the record, clarification related to my accounts in the event of a RANSOMWARE or DOS attack that renders their support systems unreachable. If you can't get your money out OR cancel your trades then you have a BIG problem. Thought it might be interesting to others to do the same.

    To whom it may concern,

    We have accounts with { BROKERAGE NAME } and want to know SPECIFICALLY what happens to the money if {BROKERAGE NAME } is the victim of a cyber attack. Right now we can set up an ACH transfer and move ALL the money out of the accounts very quickly. So in the event of a RANSOMWARE or DOS attack what would happen to our ability to:

    1 exit ALL our positions using single VALIDATED instruction from us to {BROKERAGE NAME}. NOTE assume we would NOT have access to the {BROKERAGE NAME} site!

    2 transfer ALL our money to a linked bank account based on a single VALIDATED instruction from us to {BROKERAGE NAME} . NOTE assume we would NOT have access to the {BROKERAGE NAME} site

    Just to be CLEAR on the SINGLE VALIDATED INSTRUCTION process. This is one in which we EMAIL a completely separate entity to initiate the instructions in 1 and 2 above should {BROKERAGE NAME} cease to be operational, meaning NO SUPPORT SYSTEMS.
  2. jharmon


    lol - if their systems are compromised because of a ransomware attack the last thing they'd let happen is let you or anyone else do anything via a thid party.

    You need to assume:
    a) Your open positions are left open.
    b) Orders placed and visible on the order book on the exchange will be executed if they hit the prices.
    c) Your cash is unavailable for weeks.

    You need to:
    1. Minimize your risk - have multiple broker accounts.
    2. Develop a hedging strategy if one of those brokers is compromised in any way (system failure, terrorist attack, ransomware etc.)
    3. Use an independent data source (or two) to verify your order flow.
    4. Have a plan to contact the brokerage by telephone with exact terminology prepared in advance to close out positions (sell MOC to close X position, buy at market to close Y position, cancel order Z etc.).
    5. Practise and refine #4

    Fail to plan = Plan to fail.
    fan27 likes this.