Fraud prevention checklist
June 1, 2026 | 2 minute read
Here are steps you can take today to strengthen your cybersecurity and help protect yourself and your business from fraud and scams.
1. Keep your contact information current and use built‑in security features to help protect your accounts.
Make sure your bank has your latest contact details so they can reach you quickly if there’s suspicious activity. Turn on tools like multifactor authentication (MFA) for logins, use strong, unique passwords and set up account alerts for your online or mobile banking accounts to get immediate notices of unusual transactions.
Bank of America clients can manage many of these settings, including updating information and turning on additional protections, by logging into Mobile or Online Banking.
2. Control who has access to your financial accounts and systems.
Only grant access to employees who absolutely need it for their role and use your business banking platform’s user-permission features to customize what each person can do. Review these access privileges regularly and promptly revoke or adjust them when someone’s job changes or they leave the company.
3. Establish a cyber awareness program for employees.
Employees are the first line of defense against criminals. Provide ongoing cybersecurity training so your staff knows how to spot and handle threats they might encounter (phishing emails, fake support calls, malware links, etc.), and ensure they know how to report anything suspicious. Encourage a culture of awareness by sharing updates on the latest scam tactics and fraud schemes (see Tips to help spot and avoid a scam: what business owners should know) and by conducting exercises like phishing simulations so everyone stays vigilant and prepared.
4. Implement a cybersecurity program tailored to your business.
Develop an overall cyber defense plan that addresses your company’s key risks and sensitive assets. Identify which data and processes are most critical and put protective measures in place. This may include keeping all software and devices updated with security patches, installing antivirus software and firewalls, backing up important data regularly (with copies stored securely off-site or in the cloud) and isolating payment systems from general web browsing or email use. Even with a limited budget, focus on these fundamental defenses and use built-in security tools (see Cybersecurity on a budget for more cost-effective practices).
5. Create and practice an incident response plan.
Be prepared in case a cyber attack or fraud incident occurs. Decide in advance who will take charge during such an event. Assign clear roles and decision-making authority to a response team or point person. Outline step-by-step procedures for different incident scenarios (for example, a data breach or ransomware attack) that cover how to detect, contain and recover from the threat. Keep key contact information (such as IT support, legal counsel, law enforcement and your bank’s fraud hotline) readily available in case normal communication systems are down. Ensure the plan is accessible even if your network is compromised, and test it periodically (for instance, by running a tabletop exercise) to identify any gaps and update it as needed.
Take action in one place
Bank of America clients can take the next steps—such as setting up alerts, updating contact information and turning on added protections—by logging into Mobile or Online Banking. Business owners can visit the Business Security Center to learn how to help protect their accounts and recognize potential scams.
Tips to help spot and avoid a scam: what business owners should know
Learn about common red flags that can help you spot a scam before it’s too late.
Cybersecurity on a budget
New and small businesses often believe they lack the budget for cybersecurity protections or that they’re unnecessary. But every business is a potential target. Here are seven ways you can affordably protect your company
Important Disclosures and Information
Neither Bank of America nor its affiliates provide information security or information technology (IT) consulting services. This material is provided “as is,” with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this material, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, quality and fitness for a particular purpose. This material should be regarded as general information on information security and IT considerations and is not intended to provide specific information security or IT advice nor is it any substitute for your own independent investigations. If you have questions regarding your particular IT system or information security concerns, please contact your IT or information security advisor.
Bank of America, Merrill, their affiliates and advisors do not provide legal, tax or accounting advice. Consult your own legal and/or tax advisors before making any financial decisions. Any informational materials provided are for your discussion or review purposes only. The content on the Center for Business Empowerment (including, without limitations, third party and any Bank of America content) is provided “as is” and carries no express or implied warranties, or promise or guaranty of success. Bank of America does not warrant or guarantee the accuracy, reliability, completeness, usefulness, non-infringement of intellectual property rights, or quality of any content, regardless of who originates that content, and disclaims the same to the extent allowable by law. All third party trademarks, service marks, trade names and logos referenced in this material are the property of their respective owners. Bank of America does not deliver and is not responsible for the products, services or performance of any third party.
Not all materials on the Center for Business Empowerment will be available in Spanish.
Certain links may direct you away from Bank of America to unaffiliated sites. Bank of America has not been involved in the preparation of the content supplied at unaffiliated sites and does not guarantee or assume any responsibility for their content. When you visit these sites, you are agreeing to all of their terms of use, including their privacy and security policies.
Credit cards, credit lines and loans are subject to credit approval and creditworthiness. Some restrictions may apply.
Merrill Lynch, Pierce, Fenner & Smith Incorporated (also referred to as “MLPF&S" or “Merrill") makes available certain investment products sponsored, managed, distributed or provided by companies that are affiliates of Bank of America Corporation (“BofA Corp."). MLPF&S is a registered broker-dealer, registered investment adviser, Member SIPC, and a wholly owned subsidiary of BofA Corp.
Banking products are provided by Bank of America, N.A., and affiliated banks, Members FDIC, and wholly owned subsidiaries of BofA Corp.
“Bank of America” and “BofA Securities” are the marketing names used by the Global Banking and Global Markets division of Bank of America Corporation. Lending, derivatives, other commercial banking activities, and trading in certain financial instruments are performed globally by banking affiliates of Bank of America Corporation, including Bank of America, N.A., Member FDIC. Trading in securities and financial instruments, and strategic advisory, and other investment banking activities, are performed globally by investment banking affiliates of Bank of America Corporation (“Investment Banking Affiliates”), including, in the United States, BofA Securities, Inc., which is a registered broker-dealer and Member of SIPC, and, in other jurisdictions, by locally registered entities. BofA Securities, Inc. is a registered futures commission merchant with the CFTC and a member of the NFA.
Investment products: