While some things never seem to change, there’s good evidence that companies across America are making progress on one of the most critical threats facing them today. Here’s an overview of what’s changed — and what can be changed — when it comes to protecting corporate bank accounts from hacking.

The vast majority of hackers are on the outside looking for a way in — and more specifically, a way to get at your purse strings. While phishing for login credentials is nothing new for hackers, they’ve shifted their targets over the last half-decade. With the rise of social media, hackers have honed in on misleading people to make big security mistakes.

“Over 90% of compromises in corporate America are done through phishing,” notes Secure Cyber Defense CEO Shawn Waldman. “Hackers are getting to a company’s weakest link, which is the employee.”

While the advice for identifying and responding to bank account hacking applies as much to businesses as it does to consumers, it’s clear that corporate America has far more at stake, especially in terms of the financial incentive to hack a bank account.

Hackers are resorting to social attacks 18% more of the time now than they were in 2013, according to the Verizon 2019 Data Breach Investigations Report. And 20% more incidents are targeted directly at people within a company, as opposed to software or servers.

Waldman has witnessed the same kinds of issues the data suggests. “We see companies get their bank accounts compromised all the time,” he says. “Hackers use phishing and social engineering to lure information out of companies so they can wire money out of the country.”

Regardless of whether the phishing attack compromises a user’s credentials directly or silently installs software that monitors activity or logs keystrokes, the crux of the threat is that employees lack familiarity with phishing tactics or care in handling dangerous links.

“People are in too big of a hurry,” Waldman said. “They’re click-happy and just want to push through and get work done.”

Fortunately, the study also illustrates that when companies test their employees with mock phishing attempts, the threat dwindles. Click rates in these cases have dropped from 25% in 2012 to less than 3% in 2018.

The key ingredient, Waldman explains, is to have a plan. “I can tell you with complete certainty that if you’re involved in wire fraud internationally, you have 72 hours to react. After that time passes, the Secret Service cannot help you. In the absence of organization, it turns into chaos.”

Good planning starts with a relationship with your bank and your IT or cybersecurity company. Here are three other components of a strategy to stop hackers in their tracks:

  1. Train your employees to slow down and listen to their gut.
  2. Maintain basic cybersecurity hygiene by updating and patching computer systems regularly.
  3. Educate your users, train them often and put them to the test.

Many companies stop at phishing tests, Waldman adds. They don’t offer updates on the newest phishing tactics or the latest vulnerabilities, including new technologies or the latest current events.

“To be an effective deterrent, you need to do all of them. You have to continually educate your employees.”