This is an ever evolving area as frausters change their techniques and new threats become apparent. However, some basics include making no disbursements until incoming check clears. Use no social media on law firm PCs – especially the PC used for banking. Buy, use and update software for financial malware and ransomware protection. Use an RSA token authentication for online access. Two person approval requirement for outgoing ACH transfers is highly, highly recommended. ACH Positive Pay – where the bank screens ACH debits—is worth having if your bank provides it, as is Regular Positive Pay – where the bank screens checks before making payment.