How to protect your business bank account from cybercriminals

10/06/2021

By: Sherry Lilly, Treasury Management Sales Officer

Cybercriminals don’t discriminate when it comes to which businesses they target. Organizations of all sizes and industries are vulnerable to a potential cyberattack, which could result in stolen funds, ransom demands and steep costs to remediate damage.

Two in five small and midsize businesses have been the victim of a ransomware attack, and 43% of cyberattacks target small businesses, according to global research organization Ponemon Institute's "The 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses." Unfortunately, the rate of cybercrime has only increased since the start of the COVID-19 pandemic.

There are many ways businesses can help protect themselves from the plethora of cybercrimes to which they may be vulnerable. Here, we offer tips specifically related to protecting business bank accounts from the most common types of cybercrimes.

Know your risks

Two common ways cybercriminals target businesses’ financial accounts are corporate account takeover and business email compromise.

Corporate account takeover occurs when a cybercriminal illegally accesses business bank accounts electronically, which can result in monetary loss due to fraudulent transfers. Criminals succeed by tricking employees into providing account access or confidential information, such as account login credentials.

For example, employees could fall into traps such as clicking on a fraudulent link that downloads malware to a company computer, or providing sensitive information on social networking sites to a criminal who appears legitimate.

Business email compromise is a sophisticated scam that uses legitimate email accounts to steal money or personal information from a business. Criminals running these scams target businesses that use wire transfers, foreign suppliers and invoice transactions.

For example, cybercriminals may hack into an employee’s email account and use it to request a large wire transfer from an employee responsible for your company’s finances. Because the email looks legitimate, the employee may accidentally transfer money into the criminal’s account.

How to protect your business

One way to mitigate cybersecurity risks is to enroll in online banking with cash management services with your commercial bank. This suite of solutions should offer various ways to help detect and prevent cybercrime, including:

  • Cash management with positive pay, which allows for daily monitoring and reconciling of bank accounts. A designated business representative compares ACH and check transactions presented for payment to the company’s authorized transactions on file. This will help businesses more quickly detect and prevent ACH and check fraud.
  • Cash management service that features dual-authorization, which enables businesses to require multiple approval levels when initiating ACH and wire transactions. This means one person at the company initiates the transfer and a second employee must approve it. When outgoing transactions can occur with only one person’s approval, there’s a greater chance a cybercriminal will succeed in the theft.
  • Customer call-backs on certain wire transfer transactions. This process requires a bank staff member to call a representative of the business to verify the wire transfer request. This will help confirm that the request is legitimate and didn’t come from a cybercriminal.

Another way to protect your business bank account from cybercrime is to establish best-practice internal protocols.

It goes without saying that having multi-layered cybersecurity solutions protecting your IT network and devices is a good first step. In addition, require that employees use multi-factor authentication for all cloud-based business applications. Also, consider establishing mobile device best practices, such as requiring password protection on company devices and setting a protocol for lost and stolen devices.

In addition, establish internal processes and procedures for paying invoices, approving wire transfer requests and other activities where funds are leaving a company bank account. Checks and balances will help staff detect whether requests are legitimate or whether they’re coming from a cybercriminal.

Lastly, employee training is a critical element in protecting your business from cybercrime. A joint study from Stanford University Professor Jeff Hancock and security firm Tessian called "The Study of Human Error" revealed that nearly 90% of data breaches occur because of human error, such as an employee accidentally downloading malware to their work computer or unknowingly acting on a fraudulent request. Regular cybersecurity training will empower staff to better identify and avoid engaging in fraudulent activity, thereby helping to protect your business and customers.

Learn more about how to protect your business’ finances from cyberattacks by reading American Momentum Bank’s Customer Security Awareness materials.
