While the Equifax mess is being sorted out…

Expert advice from Ray Hutchins of CyberCecurity…

As security experts, we have given this some thought and present you with a list of eleven things you can do quickly that will reduce the odds that corporate or other thieves can steal your money.

REMEMBER: Most cyber attacks are crimes of opportunity and if you are more secure than the next person, the hacker will likely move on and skip you.

1. Don’t keep more than $250,000 at any one financial institution. The FDIC protects you against the loss of your insured deposits if an FDIC-insured bank or savings association fails. The SIPC protects against the loss of cash and securities at SIPC-member brokerage firms.
Different agencies, different limits, different rules. Go here for more info:


2. Keep some cash out of the banks.  The FDIC has $41B in reserves. The U.S. banking system has $9T in deposits. Obviously, if there is a serious banking system problem, there is not enough liquidity.  Maybe all the brilliant people up there can sort things out and everybody is happy and safe.  Hope for the best, plan for the worst.  Have a cash stash.

3. Keep valuables and cash in a safe deposit box See # 2 above.

4. Use multi-factor authentication for online banking. If you are doing on-line banking, when you sign in you should be using two-factor authentication. That means that in addition to a password, you will need another code of some kind…another form of authentication.  Most of the time this is a text message code which is sent to your cell phone. This is pretty good, and better than not using it, but text messages are not very secure. Many banks now offer secure ID fobs. They are small devices about the size of a USB drive that generate a numeric code. Instead of using a text code as your second factor, try to use this secure ID fob code as your second factor. It is more secure and is very simple to use.  Ask you bank if they offer this.

There is software that emulates what the fob does and runs on your phone.  Facebook Authenticator, Google Authenticator and Authy are three examples of this.  Any of these are more secure than text messages.  This may be another option that your bank offers, but any option mentioned above is better than just a password.

5. Set up controls for how money can be transferred or wired out of your bank accounts You want to make it very difficult or impossible for someone else to transfer any money out of your bank account(s). Go to your bank and set it up that so the only way your money can be transferred out is if you are there and provide a verbal code and your signature. This will slow down any gangsters.

6. Set up automatic bank alert notifications of withdrawals and other transactions.  You can go online at your bank and set up alerts…either email, text messages or both…for a wide variety of transactions. Withdrawals, deposits, when your balance gets low…you will have many choices. This is all free and it will keep you informed about what is going on in your account(s).

7. Avoid writing paper checks. When you write a paper check, you are handing someone all your bank account information…and your signature.  What could go wrong?  Instead, use a credit card or your bank’s online bill pay service to make that payment.  With credit cards, the banks assume the risk if your card is stolen or lost. If you use your bank’s online bill pay service, your bank account information is not revealed on the check—the check is from the bank to the payee.  And you don’t have to pay postage.

8. Don’t use debit cards – use credit cards instead.  The legal protections for debit card fraud is much weaker than for credit card fraud. If you have a Visa or Mastercard branded debit card, select credit when you use it and don’t use your PIN.  That will make your debit card act like a credit card and give you the protections you get with a credit card.  The money will still come out of your bank account immediately.

9. Put a credit freeze on Equifax, Experian, and Trans-Union  This could be a problem if you are in the middle of trying to get some credit, but for the foreseeable future this is a good precautionary measure. Hopefully, the three major credit bureaus are in a scramble to clean up their acts. Let’s lay low for awhile. If you request a freeze at one bureau it transfers to all three, so you only have to do it once.

10.  Check your credit reports regularly. The feds require each credit bureau to give you one free report per year. The three reports are very similar, so you can stagger them. For example, get a report from Equifax in January, a report from TransUnion in May and a report from Experian in September….this basically covers you for the year and then repeat in January. Also, some states (including Colorado) require the bureaus to give you another free report. So you could get a report every 60 days for free. This provides good rolling coverage about what these guys have on you and if something doesn’t make sense.

11. Consider credit monitoring and ID theft recovery services Lifelock and Experian are the two big players here. If you are going to do this, be sure they include the ID breach resolution/ID theft recovery services.  They have personnel and experience to help you resolve ID theft issues. It is important to understand that these services will not actually write you a check for your losses;  they will only spend money trying to help you recover your money from someone other than them.  They are NOT insurance.

NOTE: Many homeowner’s policies like Allstate offer that service for very low fees as a rider to home owner’s or other policies. Check with your insurance company.


This list should get you started and put you ahead of the pack when it comes to being proactive about protecting your money. If you have some more ideas, please let us know what they are.  Pass this list on to family and friends.


Cybercecurity is one of ICM’s key strategic partners.  Cyber risk is manageable if a company approaches cyber risk strategically and operationally. This effort must start with the top leadership –  the Board and the C-Suite. Our experts will work with business and IT leadership to create, manage and execute a cyber risk mitigation strategy that your organization’s leadership will embrace – supporting your business mission and goals, while respecting budget realities. We align your cyber risk mitigation program with the ISO 27xxx international standard and the NIST Cyber Security Framework – providing you with a trusted model that will improve your organization’s cyber risk position, gain leverage with vendors, reassure security-conscious customers, and give you an edge over competitors.  www.cybercecurity.com