Unfortunately, an army of opportunists is after your money. Don’t expect banks, credit card companies or the government to protect your money. You will have to do that yourself. But we as cybersecurity professionals are sharing our experience and providing you with 15 tips for protecting your family’s money NOW.
REMEMBER: Most cyber attacks are crimes of opportunity and if you are more secure than the next person, the hacker will likely move on and skip you.
1. Don’t keep more than US$250,000 at any one financial institution. The FDIC protects you against the loss of your insured deposits if an FDIC-insured bank or savings association fails. The SIPC protects against the loss of cash and securities at SIPC-member brokerage firms.
Different agencies, different limits, different rules. Go here for more info:
2. Keep some cash out of the banks. The FDIC has US$41billion in reserves. The U.S. banking system has US$9trillion in deposits. Obviously, if there is a serious banking system problem, there is not enough liquidity. Maybe all the brilliant people up there can sort things out and everybody will be happy and safe. Hope for the best, plan for the worst. Have a cash stash.
3. Keep valuables and cash in a safe deposit box. See #2 above.
4. Use multi-factor authentication for online banking. If you are doing online banking, when you sign in you should be using two-factor authentication. That means that in addition to a password, you will need another code of some kind…another form of authentication. Most of the time this is a text message code which is sent to your cell phone. This is pretty good, and better than not using it, but text messages are not very secure. Many banks now offer secure ID fobs. They are small devices about the size of a USB drive that generates a numeric code. Instead of using a text code as your second factor, try to use this secure ID fob code as your second factor. It is more secure and is very simple to use. Ask your bank if they offer this.
There is software that emulates what the fob does and runs on your phone. Facebook Authenticator, Google Authenticator and Authy are three examples of this. Any of these are more secure than text messages. This may be another option that your bank offers, but any option mentioned above is better than just a password.
5. Access online bank accounts through preset bookmarks. Set-up and use bookmarks rather than clicking email links or typing in web addresses for online bank accounts. Malware infection via email is a very common attack method, as are look-alike phishing sites that choose URLs similar to banks.
6. Set up tight controls for how money can be transferred or wired out of your bank accounts. You want to make it very difficult or impossible for someone else to transfer any money out of your bank account(s). Go to your bank and set it up that so the only way your money can be transferred out is if you are there and provide a verbal code and your signature. Require multiple approvals before money can be transferred out of your accounts.
7. Set up automatic bank alert for notifications of withdrawals and other transactions. You can go online to your bank and set up alerts…either email, text messages or both…for a wide variety of transactions. Withdrawals, deposits, when your balance gets low…you will have many choices. This is all free and it will keep you informed about what is going on in your account(s).
8. Avoid writing paper checks. When you write a paper check, you are handing someone all your bank account information…and your signature. What could go wrong? Instead, use a credit card or your bank’s online bill pay service to make that payment. With credit cards, the banks assume the risk if your card is stolen or lost. If you use your bank’s online bill pay service, your bank account information is not revealed on the check—the check is from the bank to the payee. And you don’t have to pay postage.
9. Don’t use debit cards – use credit cards instead. The legal protections for debit card fraud is much weaker than for credit card fraud. If you have a Visa or Mastercard branded debit card, select credit when you use it and don’t use your PIN. That will make your debit card act like a credit card and give you the protection you get with a credit card. The money will still come out of your bank account immediately.
10. Put a credit freeze on Equifax, Experian, and Trans-Union. This could be a problem if you are in the middle of trying to get some credit, but for the foreseeable future, this is a good precautionary measure. Hopefully, the three major credit bureaus are in a scramble to clean up their acts. Let’s lay low for a while. If you request a freeze at one bureau it transfers to all three, so you only have to do it once.
11. Check your credit reports regularly. The feds require each credit bureau to give you one free report per year. The three reports are very similar, so you can stagger them. For example, get a report from Equifax in January, a report from TransUnion in May and a report from Experian in September…this basically covers you for the year. And then repeat in January. Also, some states (including Colorado) require the bureaus to give you another free report. So you could get a report every 60 days for free. This provides good rolling coverage about what these guys have on you and alert you if something doesn’t make sense.
12. Consider credit monitoring and ID theft recovery services. Lifelock and Experian are the two big players here. If you are going to do this, be sure they include the ID breach resolution/ID theft recovery services. They have personnel and experience to help you resolve ID theft issues. It is important to understand that these services will not actually write you a check for your losses; they will only spend money on trying to help you recover your money from someone other than them. They are NOT insurance.NOTE: Many homeowner’s policies like Allstate offer that service for very low fees as a rider to home owner’s or other policies. Check with your insurance company.
13. Never click on links or attachments in emails unless you know EXACTLY where they are from. You hear this warning all the time. Why are you still doing it?
14. Never permit access to your computer from someone you do not know. There are many very sophisticated thieves who will try to trick you into giving them access to your computer. A common trick right now is to pose as your cable company and tell you that they see a problem with your cable modem and they need to fix it. But first, they need access to your computer. Don’t do it!
15. Talk to your kids about these issues. They are part of the family team and they have access to your various computing devices. Bring them into the conversation and train them to be very vigilant and to report to you any suspicious activities they see.
Written by Ray Hutchins and Mitch Tanenbaum, Partners CyberCecurity, LLC