With the recent cyberattacks on JPMorgan Chase & Co. and a handful of other financial institutions, it’s clear that banks are just as vulnerable as any business. Of course, this is nothing new. Since the advent of online banking, financial institutions have spent millions of dollars battling malware attacks.

In fact, the financial services industry ranks fifth among the top 10 industries for targeted attacks, according to the 2014 Symantec Internet Security Threat Report.

But compared to other industries, banks operate from a unique position, in that they have to focus intently on their own security, but also make sure their clients have the knowledge and tools to protect against computer criminals. Providing that protection usually comes down to a matter of security versus convenience.

“We’re trying to provide innovative banking solutions, but convenience cannot be our first priority,” says Eric Johnson, chief information officer for River City Bank. “We look at security first and foremost.”

Symantec notes that banks can employ various measures to strengthen their online security, such as:

• implementing security precautions on all mobile devices (including strong passwords)
• using encryption for all data
• protecting physical and virtual data centers with solutions that detect/prevent intrusions
• scanning regularly for vulnerabilities

But clients have a role to play, too. For small businesses who do online banking, Johnson recommends a three-tier process to help defend against cyber fraud.

1) Get educated early and often

The best kind of protection starts with prevention, but most small businesses don’t know where to begin. This is why education is critical. Employees and clients should know, for instance, why they need strong passwords or how to spot phishing emails. Your bank might be a starting point.

Find out if your bank provides consultation services or hosts conferences to help customers improve cyber security awareness. River City Bank offers annual cybersecurity training sessions and risk management follow-ups to certain customers. In these sessions, experts outline security best practices and discuss the importance of firewalls, antivirus software, system segregation and cyber security threats.

And with technology moving quickly, it’s crucial that online bankers stay up-to-date on current events related to cybersecurity. Websites such as staysafeonline.org, powered by the National Cyber Security Alliance, can keep you in the know.

2) Apply what you learn

Awareness is only the first step. You still have to put that knowledge into practice. One of the most important (and easiest) ways to protect yourself is by using stronger passwords.

In addition to changing your passwords regularly, Johnson advises users to avoid the “remember password” feature on web browsers, and never writing passwords down.

For more cyber protection tips, check out this top 10 list.

3) Embrace a little inconvenience

At some point, when it comes to online banking, business owners need to choose between security and convenience. River City Bank offers a program called Positive Pay, which allows customers to enter important check data (date, check number, dollar amount, etc) in the system before a deposit is made. Since checks have the same routing and account numbers, this extra layer of security can immediately reject a fake or altered check.

“It’s more inconvenient for business customers,” he says, “but it drops your check fraud dramatically.”

This is just one of the tools in the toolbox. But with cyber fraud on the rise, business owners who do their banking online can’t afford to sacrifice security for convenience.

For more tips on cybersecurity, check back next week for Russell Nichol’s November cover story, “Web of Thieves.” You can also stay in-the-know by signing up for our weekly newsletter, or becoming a print subscriber.