everyday ways to protect your small business account

What to look for and what to do if a breach occurs

Many small business owners think of their companies as their babies, but here’s a hard fact: those babies don’t get the same federal protections as their “parents.”

Regulations that safeguard financial accounts from fraud don’t cover business accounts, only personal ones. And every year, it’s estimated more than 10% of small businesses are victimized by fraud and hacks, according to Gartner, resulting in a loss of more than $2 billion from their accounts.¹

These scams range from ransomware and phishing to fake checks and tech-support schemes. But there are many ways a criminal will try to breach the nation’s 30 million plus small business accounts. For example, scammers have posed as government agencies, credit card companies, banks, advertisers, and even awards presenters.²

Never forget: The culprits are determined and creative

So, business owners must be equally determined. Thieves attempt to take over small business corporate accounts through a variety of means. They may add fake employees to payroll to illegally transfer funds or steal sensitive information.³

The following tips, recommended by the American Bankers Association (ABA), the Federal Trade Commission (FTC),⁴ and the U.S. Chamber of Commerce, can help keep a company’s accounts safe.

• Educate the entire staff. If feasible, a company’s leaders should appoint a dedicated person or team to oversee fraud prevention. This would entail regularly updating everyone on staff – possibly even trusted vendors – about warning signs, best practices, and action plans in the case of a suspected account takeover.
• Invest time in digital protections. Because so much of business relies on digital commerce, we are breaking down these precautions by steps:
  • Back up all important files offline, either on an external hard drive or in the cloud. Sensitive paper files should be stored under lock and key, ideally in a fire-proof cabinet, or offsite with a third-party provider.
  • Require complex passwords of at least 12 characters that are a mix of numbers, symbols, and both upper- and lower-case letters. These passwords should not be shared on phones, in texts, or by email. Companies can also limit the number of unsuccessful log-in attempts to discourage attackers.
  • Encrypt all communications that include sensitive personal information. This extends to laptops, removable drives, backup tapes, cloud storage, and smartphones. Please note, 57% of scammers have contacted their small business targets by phone, according to the Better Business Bureau.⁵
  • Multi-factor authentication, which requires additional steps beyond logging in with a password, will further hinder unauthorized access to sensitive information. Note that multi-factor authentication might require a temporary code on a smartphone or a key inserted into a computer.⁶
• Know with whom you’re dealing. 53% of small business owners say the parties that scammed them pretended to be someone they trusted.⁷ When considering doing business with new entities, small business owners should research them online along with terms such as “complaints” and “scam.” They also should screen reviews for valid recommendations.
• Limit transaction sizes and authorization. Companies can cap the amount of money that can be withdrawn in automated clearinghouse (ACH) transactions, such as payroll. This will help stop efforts to empty an account via ATM.⁸ Small businesses should also limit the number of people permitted to place orders and pay invoices.

Lastly, talk with your banker regularly for updates on fraud monitoring and prevention products that can protect your business from unauthorized transactions. Our proactive fraud protection tools include Positive Pay services, which monitor checks for authenticity, send daily lists of checks presented for payment, and filter all automated transfers and debits.

If your company detects unexplained account or network activity, immediately contact your banker, stop all online interactions, and remove any systems that may have been compromised. Keep records of what happened.

Resources to keep your company safe

For more tips on protecting your organization from scams, visit the FTC’s small business protection site.

Further information on how to protect your small business can be found in this report by the ABA and the FTC.

If you believe your company was the target of an account breach, a complaint can be filed with the FTC here. You also can alert the state attorney general’s office. State-by-state contact information can be found on this NAAG.org page.