Cyber guidance for commercial and corporate clients

Strong security starts with you

Security for commercial and corporate clients

Review best practices >

Common bank and money scams

Explore resources >

Cyber incident response plan guidance

Develop plan >

Report fraud or suspicious activity

Report suspicious activity >

Security best practices for commercial and corporate clients

  • Create a unique password or passphrase: Create a long, unique, complex password or passphrase for every business and banking account. Make sure the password is at least 8 characters long, and includes a mix of uppercase and lowercase letters, numbers, and symbols. 

  • Enable mobile token for Vantage® services: Mobile token uses proven RSA SecurID technology to generate a one-time code on mobile devices that can be used to sign on and access secure online banking services.
  • Protect access credentials: Never share passwords, PINs, token codes, or other authorization credentials. If someone needs access to your organization’s Wells Fargo Vantage account, grant it only to those whose roles require it. Use ‘Administration’ on Vantage to review account permissions, remove authorized signers, and manage users.
  • Define roles and accountability: Assign clear ownership for managing passwords, approving financial transactions, and monitoring account activity.
  • Sign-up for alerts: Alerts such as login attempts and secure validation codes are sent automatically to help protect your account. Optional alerts, including wire activity and select fraud alerts, can be enabled in ‘Manage Alerts’ in Vantage.
  • Update software: Enable automatic updates for operating systems, applications, and browsers on company and banking devices to apply security patches that fix vulnerabilities and reduce attack risk.
  • Use anti-virus and spyware protection software: Install reputable, business-grade security software on every device, including employee laptops, mobile phones, and tablets. Ensure it updates automatically and alerts the organization to suspicious activity.
  • Control software downloads: Allow installations only from trusted, approved sources. Require employees to review permissions and routinely remove unused or outdated apps that may introduce risk.
  • Check security settings: Regularly check device, browser, and application security settings. Limit which apps can access sensitive features such as the camera, microphone, location data, contacts, and file storage, especially on devices used for business communication or financial operations.
  • Regularly back up data and files: Ensure important data and files are routinely backed up, including financial records, customer information, emails, and other key business documents.
  • Physically secure devices: Treat physical security as part of cyber defense. Require employees to store devices securely, avoid leaving them unattended, and use screen locks. Lost or stolen devices can expose sensitive business data and provide criminals access to accounts.
  • Make cybersecurity a business priority: Reinforce that cybersecurity is not just an IT function. It's a core part of managing operational risk. Every employee plays a role in protecting accounts, devices, and data.
  • Provide ongoing employee training: Beyond routine security and basic cyber hygiene training, ensure employees know how to recognize and report suspicious links, QR codes, and unexpected requests. Share the Wells Fargo Security best practices for individuals and Avoid common threats and scams pages with employees for additional guidance.

    • Pro tip: Encourage employees to review the Tips to avoid AI scams page to build awareness of evolving fraud techniques that leverage artificial intelligence to impersonate trusted contacts.
  • Emphasize the importance of enabling MFA: Require multi-factor authentication (MFA) for all employee accounts tied to business operations, including social media, websites, and email, to prevent unauthorized access that could cause financial or reputational damage.
  • Separate personal and business devices: Don’t allow employees to conduct business activities or access sensitive systems from personal devices unless those devices meet the company’s security standards.
  • Verify urgent requests, and be careful sharing information: Criminals often impersonate executives, vendors, or banks to create urgency. Remind employees to verify any urgent or financial requests through a trusted, independent channel, not the contact details in a suspicious message.
  • Establish enhanced controls for high-risk transactions: To help prevent payment fraud, consider using a two-person approval process for payment actions, particularly for key vendors and large or high-risk transactions. This process should also apply when adding new payment details or making changes to existing payment instructions. For more information, visit the Tips to avoid business email compromise page.
  • Strengthen third-party risk management: Conduct vendor and third-party due diligence ensuring their cyber programs are aligned with industry frameworks like the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) and the International Organization of Standardization’s information security standard 27001 (ISO 27001).

To learn more, visit the Wells Fargo Avoid common threats and scams page.

Stay ahead of common threats and scams

Commercial banking fraud and security center

Explore resources

Avoid common threats and scams

Stay informed

Tips to avoid business email compromise (BEC)

Get details

Safety tips to avoid AI scams

Learn more

Identify bank imposter scams

See more information

Money and account safety tips for traveling

Review tips

How to avoid IT and tech support scams

Explore recommendations

Avoid online payment and wire transfer scams and fraud

View details

If you are a Wells Fargo client, contact your Relationship Manager to learn more about the Cyber Client Advisory program’s engagements and initiatives.

Sign-up may be required. Availability may be affected by your mobile carrier's coverage area. Your mobile carrier's message and data rates may apply.

DT1-06112027-12-8985720-1.1