Critical do’s and don’ts of identity protection you need to know.

Identity Protection

digital keyboard with lock icon

The 2017 Identity Fraud Study, released by Javelin Strategy & Research estimates the number of people who have had their data exposed by a breach to be over 825 million in the last 10 years – 2.75 times the population of the United States. It’s no surprise that many of us have received multiple notifications that our data was exposed due to a breach. Given the probability that our data has been exposed by one or many breaches, we must transition from relying on hiding our data to making our data unusable. In this article we provide means to both make your data hard to find, and much harder to use.

Murray, Roberts & Otto has aligned with LibertyID, a leading identity theft restoration company. If one of our clients or their family suffers an identity theft problem (following contract initiation), LibertyID will provide complete identity restoration at no cost to the client.

What follows is a list of many steps and practices we recommend. They are ranked in two categories: absolutely necessary and highly recommend. The steps we identify as ‘absolutely necessary’ should be regarded as basic self-protection – like locking your car or house at night. You simply must to do these things. Not doing them will almost certainly cause you regret at some point in the future.

The steps we ‘highly recommend’ may not prove necessary for all readers of this article, but for a certain few these steps may prevent an unwanted attack. Consider these steps your options for upgraded security. These steps are not listed in order of priority.



  • Never click a link contained in an unsolicited email. Frequently scammers establish email addresses that include the names of prominent companies, like Microsoft or E-Bay, giving them a trustworthy appearance. Even an email from a friend can be the result of a virus contracted on their computer. Once a bad link is clicked, a virus can load itself into your system that will collect all of your user ids and passwords. Many of the worst viral attacks on businesses and individuals begin this way.

  • Have a high quality antivirus and anti-malware software installed on your personal computer, and be sure it’s kept current with updates. We do not recommend using the software pre-loaded on your computer when you purchased it.

  • Never email documents containing sensitive personal information (such as tax documents, tax returns, social security numbers, etc.) Forward documents to your bank or advisors through secure encrypted web portals (we have one).

  • Change your online banking access to require the entry of a passcode that is sent to your cell phone by text or email each time you attempt a login. This makes accessing your bank account online impossible without having access to your cell phone or email account.

    • Be vigilant.

    • Keep your eyes open for mail or emails notifying you of attempted address changes or password changes that you haven’t requested. This is an indication of an attempt to change your account information or mailing address.

  • Review your bank statements and credit card statements for unauthorized transactions.

  • Shred paper documents containing sensitive personal information before recycling.

  • Forward any IRS letters requesting additional information to your CPA immediately. The IRS will never contact you by phone.

  • Be wary of free offerings. Prize winnings, free memberships, free downloads, or other free offerings are often Trojan horse approaches to collect your personal data. Before you can receive the free offering, you are required to complete their application or membership form. Some of these fraudsters still operate by phone and will attempt to call you with similar offers.

  • Do not access your financial websites or other sensitive data on public networks. For example, do not log into your bank or credit card website while sharing the Wi-Fi network at your favorite coffee shop. A fraudster can mimic a common network that your computer recognizes, causing all of your activity to pass through his computer first.

  • Change your login password on your personal computer and other key financial websites regularly (at least every 90 days) to something that looks like gibberish and has no mathematical relationship to you or your family (no permutations of birthdates, addresses, etc.) A good password looks like “Ghy579vbn?” not “BobandMary72” or “1234” (heaven forbid!)

hands typing on a laptop


  • Lock your credit with the three primary credit reporting agencies. This can be done online through the following websites, and can also be accomplished by mail. Each of these services also sells credit monitoring services which they market on their websites as ‘lock your credit,’ which you may choose to do as well – also recommended – but this is a different recommendation. If you have been notified that your personal information has been exposed due to a data breach, we strongly recommend this for you. Here are the links to the agencies:

    • Experian Scroll down landing page to ‘How can we help you?’ section and choose Security Freeze or Fraud Alert, or call 1-888-397-3742.

    • TransUnion freeze to freeze your TransUnion credit, and TransUnion fraud alert to place a fraud alert. TransUnion has a nice product called TU Credit Lock which allows you to lock and unlock your TransUnion and Equifax credit report from your computer or mobile device. Setting up the account does require entering your credit card information, however the service appears to be free of charge.

    • Equifax and select ‘Set-Up a Fraud or Active Duty Alert’ or ‘Place a Security Freeze’ from the list center page.

  • Contact your bank and request upgraded security procedures. Your bank can require 2 forms of identification for any personal transactions and can establish a personal password to be used for any telephone contact. If you have been notified that your personal information has been exposed due to a data breach, we strongly recommend this for you.

  • Load files containing sensitive data to secure encrypted websites and remove them from your computer, or load encryption software on your machine to protect your sensitive files. This may be one of the best steps you can take. Securing your data with file encryption effectively protects your data even if your security has been breached.

We wanted to highlight many of the steps we are most concerned with, however this is not an all-inclusive list. Find more information at


Brian Murray

Brian has been in public accounting since 1997. Prior to that he was in finance at Kimberly-Clark Corp., audit at M&I Bank Corp., and accounting manager at Browning-Ferris Ind. Brian’s areas of specialty are estate and trust tax and business valuation.

Track Your Refund

Check your State Refund