Cybersecurity
September 2019
SageTrader, LLC encourages all of its customers and associates to be diligent in protecting their identity and accounts.
Clients should note the following ways to help protect accounts:
- Change various login passwords regularly for trading platforms, account statements, and other systems related to clients' trading accounts. Follow the instructions for using various combinations to establish a strong password.
- Avoid using the same password for multiple accounts.
- Keep account logins, passwords, PINs, etc., private, and do not store them on the hard drive.
- Keep the computer's operating system current to ensure the latest level of protection.
- Use strong antivirus and firewall protection on computers and configure security settings to receive automatic updates for antivirus, anti-spam, and spyware software.
- Use an owned computer rather than a public or shared computer to access financial, trading, and sensitive accounts.
- When finished, log out completely and close the browser.
- Exercise extra caution when using wireless connections to access personal information.
- Be cautious of email attachments from unknown sources and emails conveying a sense of urgency, asking to click on links contained in the email.
- Review account statements regularly to ensure there is no unauthorized activity.
- Immediately report to SageTrader any email or notice requesting information about the account, including the account number.
- Report immediately to SageTrader if any personal or business email account has been compromised.
- Notify SageTrader immediately when the address of record, phone number, or email changes. SageTrader will require a signed form indicating these changes.
- Respond immediately to any IRS notices regarding the possible misuse of your Social Security number.
- Be extremely careful when disclosing personal information on social media sites.
Firm API Traders:
- Ensure your infrastructure is up-to-date with the latest best practices for firewalls, intrusion detection, and protection against elements like DDoS attacks.
- Establish a procedure for evolving code and managing the release lifecycle.
- Set up intraday monitoring and logging capabilities to detect unusual activity.
- Implement additional risk checks on top of what your broker-dealer provides for an additional layer of safety and security. Sample checks include, but are not limited to:
- Excessive Messaging Alert
- Per Order Settings:
- Max quantity, max notional value
- Order price vs. bid/ask market data
- Max orders per side
- Trading session settings:
- Max orders per second, fills per second
- Max orders per day
- Max shares/options traded on the day