7 tips for a more secure business online

Many businesses scrambled to adapt to a virtual world when COVID-19 hit. But did you remember to lock your doors against cybercriminals?


    If you run an office or a store, there are always nightly closing rituals. You put the money in the safe, clean up, lock the doors and turn out the lights.

    Mike Kelly, Head of Cybersecurity & Technology Controls at Chase, has seen a lot of businesses go digital in the last few months. And too many of them haven’t implemented the same rituals to protect their businesses online. They’re forgetting to lock the front door.

    “Unfortunately, we take a lot of phone calls after an attack,” says Kelly. “My heart always goes out to those business owners because it’s very traumatic.”

    The good news is that every business can protect itself from online threats. Kelly shares the top seven ways that can help stop cyberattacks and fraud at your company.

    “Dollar for dollar, training has the most positive effect on reducing the risk of cybercrime.”

    – Mike Kelly, Head of Cybersecurity & Technology Controls, J.P. Morgan Chase


    1. Plan for worst-case scenarios

    What will you do if someone hacks into your business or engineers a fraudulent money transfer? It’s important to be able to respond quickly.

    Kelly suggests writing up a plan and running drills to test it. “Most organizations have a fire drill or a life-safety drill,” he says. “Cyber drills are no different. Look at a scenario, and think about how you design for it.”

    And if a hack or a mistake shuts down a vital system, have a plan B. Find a workaround that allows you to keep as much of your business running as possible.


    2. Assess your vulnerabilities

    If you’re not a techie (and even if you are), you might not know the risks you and your employees are taking. Bringing in an independent contractor to audit your technology systems and processes is one way to get ahead of those risks. A contractor can uncover hidden dangers such as unpatched software, insecure processes or compromised systems.

    “Even if you’re simply establishing a baseline, there are a lot of benefits to an independent audit,” says Kelly. “It gives you an idea of where the big things are that you’ll want to address.”


    3. Pay attention to email

    Verizon’s “2019 Data Breach Investigations Report” found that more than 90% of detected malware arrived through email. One big reason is the number of ways email can be manipulated.

    An employee might receive a seemingly innocent attachment only to discover it carries malicious software, known as malware, that could take down a single computer or your entire network. Emails can also contain links leading users to websites that automatically download malicious code onto their computers. This type of code sometimes can’t be prevented using traditional antivirus software alone. And if a colleague’s email account gets broken into, a hacker can pose as a trusted sender and trick you or someone at your company into sharing valuable information.


    4. Train your employees to detect threats

    Another reason email is such an effective way into many companies is that employees don’t always know what to look for and are not fully aware of the risks they are taking when they check their messages.

    “Dollar for dollar, training has the most positive effect on reducing the risk of cybercrime,” Kelly says.

    Phishing emails, which are messages sent by someone posing as a reputable sender, often have small details changed or contain odd phrasing. With good training, employees will know to ask questions, double-check procedures and verify requests through other sources. One effective technique is to send test emails that can track whether employees click links or follow a direction contained in a message. If they do, then the system can display educational materials or you can follow up to make sure they understand their mistake.


    5. Require strong procedures for payments

    In the early days of COVID-19, many of the usual processes and procedures had to be reimagined. That opened up new opportunities for invoice fraud.

    “You always want to be looking at your payment processes,” Kelly says. “Where are there possible weak points?”

    For example, after COVID-19 started, Kelly saw an increase in invoices sent through spoofed, disguised or hacked email addresses. Thieves who spent weeks and even months observing workers were then able to imitate language and processes perfectly. That’s why Kelly recommends being skeptical of all invoices and having client, vendor and bank phone numbers handy so that you can easily verify any payment or bank charge.


    6. Lock down your passwords

    Passwords should be complex, but they don’t need to be hard to remember. Do you have a favorite singer? Then you might have a few strong passwords already humming in your head.

    “I would take part of a good song verse and use that as your password,” says Kelly. “A song verse has multiple words. You’re going to be able to remember it.”

    Kelly also recommends keeping passwords in a secure place. Rather than pasting your passwords into a spreadsheet, consider using a password manager with strong encryption. These high-tech tools can keep hundreds of passwords safe and are easy to use.


    7. Not sure what to do? Breathe

    Hackers prey on stress and confusion. If you’re unsure how to proceed, pause and investigate your suspicions. If you experience any unusual requests or think you might be a victim of fraud, you can contact your Chase client service representative immediately or call the Chase Connect® Service Center toll-free at 1-877-226-0071. Government and not-for-profit organizations should call 1-855-893-2223.


    For informational/educational purposes only: The opinions expressed in this article may differ from those of other employees and departments of JPMorgan Chase & Co. Opinions and strategies described may not be appropriate for everyone and are not intended as specific advice/recommendation for any individual. Information has been obtained from sources believed to be reliable, but JPMorgan Chase & Co. or its affiliates and/or subsidiaries do not warrant its completeness or accuracy. You should carefully consider your needs and objectives before making any decisions and consult the appropriate professional(s). Outlooks and past performance are not guarantees of future results.

    JPMorgan Chase Bank, N.A. Member FDIC. Equal Opportunity Lender, ©2023 JPMorgan Chase & Co.

