In the event of a fraudulent purchasing card, ACH, or wire transaction, contact the company’s financial institution provider and ask them:
What user account changed the "account"? From which IP address?
What user account made the payment? From which IP address?
Is there a way we can lock what vendors we can send ACH payments to?
On the credit side, companies could implement credit card masking tools or use an enterprise password manager to generate a new virtual card every time a purchase is made, in addition to using vendor cards with approval limits.
When it comes to document security, it’s important to define what is "sensitive" and create rules around it. A simple solution is to add a text string to sensitive files that you would not see on other documents. For example, we could put SENSITIVE in the header of all sensitive documents, then set a rule to detect that. Once you’ve established a security identifier, you can then run a search to show how many sensitive files match one of these rules. You can also run a search to identify documents containing sensitive and confidential data such as SSNs, bank account numbers, etc.
Most business suite providers have built-in security features to alert on and enforce additional rules. You’ll want to start with alerting to avoid breaking business processes. Enforcement can block external sharing, warn about external sharing, and prevent downloading, printing, and copying.
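The marker rule and the sensitive-data search described above can be sketched as a small alert-only scanner; this is an added example, not any business suite's own rule engine. It goes slightly beyond the text by checking 9-digit numbers against the ABA routing checksum to cut false positives. The three-line header window, the action names and the sample documents are assumptions constructed for illustration.

```python
import re

MARKER = "SENSITIVE"   # label the text suggests placing in document headers
HEADER_LINES = 3       # assumption: the "header" is the first three lines

# SSN shape, excluding ranges never issued (area 000/666/9xx, group 00, serial 0000)
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
NINE_DIGITS_RE = re.compile(r"\b\d{9}\b")


def is_aba_routing(num: str) -> bool:
    """ABA routing numbers satisfy a 3-7-1 weighted checksum modulo 10."""
    if num == "000000000":
        return False
    weights = (3, 7, 1) * 3
    return sum(w * int(c) for w, c in zip(weights, num)) % 10 == 0


def classify(text: str) -> dict:
    """Report label status and sensitive-data hits; alert only, never block."""
    header = "\n".join(text.splitlines()[:HEADER_LINES])
    labelled = MARKER in header
    ssns = SSN_RE.findall(text)
    routing = [n for n in NINE_DIGITS_RE.findall(text) if is_aba_routing(n)]
    if labelled:
        action = "alert-on-external-share"          # hypothetical action name
    elif ssns or routing:
        action = "alert-unlabelled-sensitive-data"  # data present, label missing
    else:
        action = "none"
    return {"labelled": labelled, "ssn_hits": len(ssns),
            "routing_hits": len(routing), "action": action}


# Constructed sample documents (not real data)
DOCS = {
    "payroll.txt": "SENSITIVE\nPayroll export\nEmployee SSN 123-45-6789\n",
    "vendor_form.txt": "Vendor setup\nRouting 123456780 account on file\n",
    "newsletter.txt": "Team lunch Friday\nTicket 123456789, ref 000-12-3456\n",
}


def scan(docs: dict) -> dict:
    return {name: classify(body) for name, body in docs.items()}


if __name__ == "__main__":
    for name, result in scan(DOCS).items():
        print(name, result)
```

The second action is the useful one in practice: it surfaces files that hold SSNs or routing numbers but were never given the marker.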
HBS Article: Your company’s data is for sale on the dark web. Should you buy it back?
The answer is no.