10 tips for protecting your business's financial information

Technology offers many benefits to businesses, but those benefits are not without risk. The FBI reports that in 2020, the Internet Crime Complaint Center received over 790,000 complaints, with reported losses exceeding $4.1 billion.

In today's digital world, it's important to be proactive about protecting your organization's financial information, says Mark Williams, Head of Business Banking Treasury Sales at Citizens.

“In addition to the monetary losses, cybercrime can also cause continuity and reputation problems for businesses,” notes Williams. “Victims may need to close existing bank or credit accounts and open new ones, and they'll also need to inform vendors and customers of the breach.”

In the Association for Financial Professionals (AFP) 2021 Payments Fraud and Control Survey, checks and wire fraud were cited as the payment methods most susceptible to fraud by 66% and 39%, respectively. Thirty-four percent cited Automated Clearing House (ACH) debits, 24% corporate/commercial credit cards, 19% ACH credits, and 6% extortion due to ransomware.

“In times of economic uncertainty, fraud typically rises,” Williams says. “With more people working remotely, and the use of electronic channels and payments increasing, the risk of cyber fraud is compounded.”

For many businesses, cyber safety is still a blind spot, says Williams. “Most are now aware of the problem, but many still don't have a plan in place to mitigate threats.”

Williams suggests 10 ways businesses can help keep their financial information secure.

1. Review your processes. Look holistically at your payment and data systems to identify where you might be vulnerable. If you don't have an IT lead who can spearhead the effort, it may be worth hiring a cybersecurity expert to analyze your processes and suggest updates. Your business banking partner can also help by showing you ways to make your payment systems more secure.
2. Digitize payments. Move as many of your payments as possible away from paper checks to electronic options, such as credit cards, bank-to-bank ACH transfers, or virtual cards. “Digital payments have more controls in place to keep your information secure,” Williams says. Virtual cards — which allow you to randomly generate a 16-digit number that only can be used for one specific amount and transaction — are a good option for payments made to regular vendors, he adds.
3. Enable Positive Pay. For payments that need to be made by paper check, Williams suggests employing Positive Pay. This fraud protection service matches the dollar amount of a check, the check number, and the account number presented for payment against checks issued by the business to help ensure only authorized payments are made.
4. Reconcile your accounts often. Check your banking and credit accounts at least once a week to make sure all transactions are authorized and valid. And at least once a month, check your credit report to make sure nothing unusual has happened, such as a new line of credit being opened in your name. If something looks suspicious, report it to your bank immediately.
5. Separate business and personal finances. If you haven't already, create separate personal and business checking, savings, and credit accounts. This will isolate your personal information in the event of a breach and help you manage your business as a stand-alone entity.
6. Create secure login processes. Even if only one person in your company signs in to your accounts, enable two-factor authentication. This alerts you if someone unauthorized is trying to access your information, giving you time to lock it down if there is a problem. If possible, access your accounts only through a VPN — never use public-access Wi-Fi, which is not secure. And change your passwords regularly. Williams suggests using a password management system or app that will encrypt and save your passwords, and update them on a regular interval, such as 20 days.
7. Keep your systems current. Update your software and operating systems at least once a month. “Often, when companies like Microsoft issue updates, it's to fix holes in security,” Williams says. Also, run antivirus software weekly, and put firewalls in place. These will block unauthorized content — for example, they could deny access to IP addresses that may seem suspicious. And if something does get through, a firewall can prevent malware from interacting with your systems before it's removed.
8. Offer employee training. Research from Stanford University shows that 88% of data breach incidents are caused by employee mistakes. Educating your team on cybersecurity threats and their role in mitigating them may help your company prevent costly mistakes. The U.S. Department of Commerce's National Initiative for Cybersecurity Education offers resources on free and low-cost employee cybersecurity training.
9. Remember, knowledge is power. Read industry publications and websites to stay on top of emerging security threats to financial systems and how to mitigate them. The Association for Financial Professionals (AFP) and ASIS International, an association for security professionals, are both good resources for information, as is the Federal Reserve website.

Creating a document with all your security protocols clearly explained will help ensure your team is consistently following best practices, says Williams.

“Adding additional security protocols can feel time consuming, but it will protect your financial health and save you a lot of headaches in the long run.” If you have questions on how to make your financial and payment systems more secure, your business banking partner can help.