In the last 3-5 years, there have been increased losses through lax security around bank accounts.
Instances range from the loss of senior executives' email accounts, which are then used to email junior accounts-payable staff requesting payments to fraudsters' bank accounts, all the way to loss of control of bank accounts through loss of control of mobile phone banking.
In prior blogs we’ve covered some security tips for email accounts and mobile phone numbers, and in this blog we’ll cover bank account best practices.
Losing control of your bank accounts is one of the most critical immediate issues that can cause a business to fail, and loss of control of personal bank accounts can frequently be even more significant, given that many people hold mortgage offset accounts and savings accounts.
In our previous blogs on email addresses and phone numbers, we suggested a clear distinction between work, personal and private areas, with private email addresses and phone numbers reserved for critical (bank-like) logins.
There are a significant number of defensive strategies available for banking protection, and the first step must be to hide critical information.
For Australian accounting firm owners, there should be a number of separate bank accounts for their accounting firm:
- The public bank account that is sent out to customers to make payments. It should be assumed this is a compromised account, and no large balances should ever be maintained in it. The BSB gives not only the bank name but also the branch, making it relatively easy for fraudsters to contact your branch. Surplus funds should be swept into another branch or another bank. Outgoing payments should also come from this account, since you may be required to disclose the bank/branch to a supplier when a missing transaction needs to be traced.
- There should be a separate bank/branch holding the accounting firm’s main funds. This should not be public information.
- Accounting firms frequently have trust accounts. You should consider if one or two trust accounts are preferred. More recent articles have shown trust accounts can be frozen by banks/ATO.
Personal banking should likewise be spread across several bank accounts:
- A bank account for transactions, which payments go out of and come into. Assume this account's details are compromised if they have been released in any way to a third party (such as someone paying money into the account), so never store large amounts of money in it.
- Consider the use of a “one-time” bank account for any large payments such as settlement on house sales, settlement on asset sales, receipt of inheritance moneys etc.
- Have a separate bank / branch for the main bank account. Or consider having a couple of bank accounts. Splitting bank accounts across banks/branches makes it harder for fraudsters to steal all the money at once. Don’t put all your eggs in one basket!
Increase the levels of security. Most banks offer the ability to authorise payments using a one-time SMS code, and for enhanced security you should consider using tokens or other portable security keys. Some banks offer the ability to use third-party security keys such as the YubiKey.
Also, continually re-evaluate your bank and their upgrades to their online banking systems and banking apps. Your banking systems, like your email and phone systems, are critical components of your business and personal life. It’s critical to continually monitor and deploy best practice in all areas to ensure there are no weak links in your security.