Skip to main content
FMB Logo Header Desktop
FDIC-Insured - Backed by the full faith and credit of the U.S. Government
Scroll To Top

Blog Detail
A team of diverse coworkers helping to prevent cybersecurity fraud

When you open your own business, you’re prepared to take on a certain amount of risk – lack of customers, cash flow, slow markets. But what about cybersecurity risks? For businesses, cybersecurity attacks aren’t a matter of “if” – they’re a matter of “when.” Are you prepared to push back against cyberattacks? And how do you know you’re taking the necessary steps to rebuff cyber criminals?

Jason Hoffman, Director of Treasury Management with First Merchants Bank, lays out five cybersecurity best practices to help you stay one step ahead.


1. Continual Employee Training

Training your employees to spot phishing attempts, lock up data, and use proper password management can go a long way toward keeping your business safe from cyberattacks. But Jason said that many companies often forget that this training needs to be ongoing – not just something covered during onboarding.

“I often see businesses that do a great job training new employees, but they don’t provide tenured employees with opportunities for ongoing education,” he explained. “That continual training is so important because fraud tactics change – so tenured employees need to be educated on new trends and fraud tactics in their industry.”


2. Implementing Multi-Factor Authentication

Another step to prevent fraud is to make sure that your systems have multi-factor authentication (MFA) enabled. This includes payment systems, bank account access, and signing into your work’s network when employees work remotely.

“Having MFA in place makes it harder for bad actors to gain access to your systems in the case that someone’s login credentials are compromised,” Jason explained. “It also helps verify the identity of all employees using the system. It’s just an added layer of security that can go a long way to stop fraud, as cybercriminals would need a username and password as well as access to an employee’s phone.”


3. Use Strong, Well-Hidden Usernames and Passwords

The first line of defense for preventing fraud is to make sure all your employees have strong usernames and passwords. If needed and if you are able, consider setting password requirements for your employees – but, Jason said, at the very least businesses should encourage everyone to use strong alphanumeric passwords and hard-to-guess usernames.

“I would also encourage business owners to train employees about the dangers of writing down usernames and passwords,” Jason added. “You don’t want that information to be accessible to anyone visiting your offices, anywhere it could be lost, or in a digital location that could be hacked. If this information is written down, it should be stored in a secure, locked location.”


4. Limit Financial Controls Delegation

One of the best ways to prevent fraud is to limit your weak points – which is why Jason recommends business owners limit granting financial controls to employees.

“Having access to company finances should be on a need-to-have basis,” he explained. “I’d also recommend business owners put multi-layer approvals in place for all purchases and expenditures – just in case account access is compromised.”


5. Pause Before Acting

As a business owner, your work changes daily, and you may encounter new scenarios, meet new vendors, or be asked to change orders. But sometimes, those are the very avenues that scammers look to exploit.

Jason warned that business owners should be cautious when interacting over e-mail with new vendors, when they’re asked to make any changes to an invoice, or when they receive an urgent request. Instead of jumping to resolve the issue right away, business owners should take a moment to pause and review the situation.

“If something doesn’t seem right, listen to that gut feeling and fall back on your verification processes,” Jason advised. “Scammers may try to impersonate someone in your company or a close business partner – always pick up the phone and get verbal confirmation for these asks before proceeding.”

The Risks of Poor Cybersecurity

So, why implement these best practices? A cyber attack can do more than steal data – it can put your employees and customers at lifelong risk of identity theft, ruin your reputation, cause you to lose vendors, or cripple your business.

“At the worst, if the loss is large enough or the cyberattack deep enough, it can result in company insolvency and loss of your business,” Jason said.

You’re Not Alone

Most importantly, remember that you’re not alone when it comes to protecting your business. Jason recommends partnering with your local bank for ideas, information, and an added layer of protection.

“If you inform your bank of your company’s protocols, they can partner with you and help you with the approach – even providing in-person and virtual presentations to help align key stakeholders within your company,” Jason said.

Banks also have a range of tools that can help with guarding against fraud, from online account controls to tools like Positive Pay – a service that allows business owners to approve checks and ACH requests before they are disbursed.

Jason also encourages business owners to talk to their bankers about the bank’s policies for wire transfer requests, account information requests, signer change requests, and other policies that can help protect your business.

And don’t forget - banks are always a good source of information! Talk to your banker about receiving alerts on the latest scam trends or getting access to pertinent articles on fraud and cybersecurity.


close