How to Handle a Compromised Business Account

Lock down compromised business accounts fast with immediate containment, forensic review, and recovery protocols.

  1. Execute immediate lockdown within 60 minutes. Call your bank's business fraud hotline immediately — not the branch, the dedicated security line. Freeze all compromised accounts and request emergency stop-payments on any suspicious transactions. Change all online banking passwords and disable mobile access until you regain control.
  2. Document everything for the forensic trail. Screenshot all suspicious transactions, emails, and account activity before the bank removes them. Print account statements for the past 90 days. File a police report within 24 hours — you'll need the case number for insurance claims and regulatory filings.
  3. Audit all connected systems and credentials. Review every system that touches your bank account — payroll processors, accounting software, payment platforms, automatic withdrawals. Change passwords on all financial software and revoke API access for any third-party tools. Most breaches spread beyond the initial entry point.
  4. Calculate damages and file claims immediately. Tally direct losses, overdraft fees, and operational costs from the breach. Submit fraud claims to your bank within 2 business days for maximum protection under Regulation CC. Contact your business insurance carrier — cyber liability and crime policies often cover fraud losses and recovery costs.
  5. Rebuild with enhanced security protocols. Open new accounts with fresh credentials and multi-factor authentication. Implement dual-approval requirements for transactions over your threshold — typically $1,000-$5,000 for small businesses. Set up real-time account alerts for all transactions, not just large ones.
  6. Establish ongoing monitoring and controls. Reconcile accounts daily instead of monthly during recovery. Set up account alerts for balance changes over $100. Review all authorized signers and remove anyone who no longer needs access. Schedule quarterly security reviews of all banking relationships and connected systems.