How to implement a million dollar security team for your personal finances

Background: I have been employed as an Information Technology professional since 1987 and certified as a Law Enforcement officer since 2000. During that time, I have been responsible (either solely or as a key decision maker) for protecting the assets of companies ranging in size from $1 million to $2+ billion, in a variety of industries, and within the scrutiny of a variety of audit standards.

During that time I discovered that, although the names of the products and/or techniques changed frequently, the underlying concepts were the same. In this article, I will present a high-level view of the 5 most important tactics and how they translate to your personal life.

I have listed the tactics below, each one followed by an Analogy to help you understand the concept, along with an Application to understand how to apply this to your personal finances.

  1. Isolate - Enterprises go to great lengths to isolate their systems, both physically and virtually, to the greatest extent possible. Servers, users, and applications are all limited as to who else they can interface with and specifically how they are allowed to interact. As a result, even if a thief is able to compromise an application or server, it does not give them the "keys to the kingdom".
    • Analogy - Think of bank safe deposit boxes. Even if you manage to steal a key and break into a bank, each of the boxes has an individual lock, so you can only steal from the boxes you have keys to.
    • Application - Every login ID you use should have a separate password. The tendency is to pick a password that you feel is "good" and then use that password at every site. In doing so, you allow a hacker who steals your user name and password at a low-security "casual" website (e.g., a message board or hobby website) to then use those same credentials at other websites.
  2. Audit - Enterprises place great faith in their processes and tools, but not complete faith. To supplement the passive measures, logs and messages must be actively reviewed to make sure nothing or no one slipped through. Although not always a real-time detection, it prevents a thief from having time on their side. ANY system, regardless of strength or security, can eventually be compromised given enough time.
    • Analogy - Think of when you check on your children or pets after you've tucked them into bed at night. You know that you tucked them in, that they are safe in their room or crate, but that extra check only takes a few seconds and allows you to verify that they are safe.
    • Application - You should check transaction activity on every open account at least every month, if not more often. I recommend doing so daily (don't worry, there are free tools that make it effortless), as the quicker you can detect a thief, the less damage they have time to cause. This includes your checking account, savings account, and most importantly, all credit cards, including the ones you "never" use.
  3. Automate - Humans are the #1 source of human error. You can count on humans to come up with ways to "accidentally" get around the best security in the world, and you can be confident in the fact that humans will make mistakes. The length of time between mistakes is proportional to how complex the task is and the frequency of exceptions. Therefore, the ideal model is to automate the repetitive tasks and use humans to check the automation.
    • Analogy - Think of the spell check feature in your word processor. Very few people intentionally misspell a word, yet how many documents have you written without a misspelled word? Spell checkers automate the process and escalate exceptions to "the human" to react accordingly.
    • Application - Automate as much as possible so you can focus on the exceptions. This includes downloading your activity when possible (instead of relying on manual entry), using a program or website to reconcile your balances, and taking advantage of the free websites that provide an analysis of your transactions.
  4. Alert - Humans have a finite amount of time in a day and a finite number of things they can effectively look at, listen to, work on, and think about. It is neither cost-effective nor prudent to rely solely on human intervention when anomalies are detected. As a result, companies set up applications that "listen" to the automation tools and/or look for items that match predetermined rules. When an item of interest is detected, the application will immediately notify personnel, often keeping track of the notification and escalating to different or additional people if not acknowledged within an appropriate timeframe.
    • Analogy - Think of a weather radio. Humans have the ability to check weather reports 24 hours a day, seven days a week but seldom do as severe weather is sporadic and can often occur when we are preoccupied or even sleeping. Weather radios, in response to an alert from weather monitoring services, proactively alert us when there is something we need to pay attention to.
    • Application - Take full advantage of the alerting capabilities included with your online tools and banking institutions. Most banks offer low balance alerts as well as alerts when a transaction exceeding a dollar value is made. The online tools I use will also alert me when suspicious activity is detected, a finance charge is made, or if an address change is made on any of my accounts.
  5. Archive - Enterprises know that, even with all the above tactics in place, sometimes the thief wins. When that happens, everything shifts from a defensive posture to an offensive posture as it becomes an all-out race to analyze the breach, find the thief, work with law enforcement to catch the thief, and give the proof needed to make sure damages are recovered and punishment is levied.
    • Analogy - Think of any criminal case you've ever seen on TV or perhaps been affected by. In each of those cases the holy grail is the "smoking gun" that undeniably links the criminal to the crime. The court system loves proof, and few things are as persuasive as cold, hard data that has been preserved and unaltered.
    • Application - I highly recommend switching to electronic statements for a variety of reasons, not the least of which is ease of storage. Most institutions will store at least a year of statements for you, and the online tools I use allow for at least 5 years, sometimes allowing for infinite storage. When you detect a thief, it is imperative that you be able to produce proof to law enforcement, and the ability to give a history of their activity or "tracks" is extremely helpful.

Thanks for reading this article. I hope you were able to find at least one tip to put to good use and perhaps prevent a future theft.