* As Graham does, monitor your account regularly -- at least daily. The more quickly you catch a fraudulent transaction, the better the chances that you can rescind it, or at least prevent others.
* Educate your employees. Some types of cyber-fraud are fairly easy to recognize, and employees should know to steer clear of them, Austin says. Case in point: phishing schemes, or supposedly official emails that ask for sensitive information, such as an individual's computer password or credit card number.
* Take care when transmitting confidential information via mobile devices. "The bad guys are focusing on these technologies," given how popular they're becoming, Ponemon says. In addition, smart phones and the like are easier to misplace than desktop computers, boosting the potential for fraud, he adds.
* Don't forget that appropriate manual procedures, such as separating responsibility for initiating purchase orders from responsibility for approving payment, can go a long way toward reducing the incidence of fraud. "The majority of criminals are low-tech," Ponemon says.
* Finally, understand your firm's responsibilities should a loss occur. Regulation E, which is part of the Electronic Fund Transfer Act, provides protection to individual consumers engaging in electronic fund transfers. "It doesn't extend to commercial accounts," says Austin. Instead, the extent of your firm's liability, as well as your bank's, should be covered in the contract between the two organizations, says Doug Johnson, vice president for risk management policy with the American Bankers Association.
What's more, even if the bank takes on some responsibility to cover a loss, it may hinge on your company instituting reasonable security procedures. "By contract, the business generally agrees to abide by reasonable security procedures," Johnson says. If your company experiences a loss and it becomes apparent that its security policies were sub-par, the bank may not be liable for any losses.