Start-Up Banking 101: How to Protect your Business from Disruption

Access to funds is crucial for start-ups as it directly affects their ability to operate, grow and innovate: any disruption can halt operations, stall critical projects, and erode trust with employees and customers alike. Start-ups need to be agile, responding swiftly to market opportunities or challenges, which often requires immediate access to financial resources.

Evolve & Silicon Valley breaches shine light on banking risk

The importance of reliable banking has been highlighted over the past year by the incidents involving Silicon Valley Bank (SVB) and Evolve Bank & Trust. These banks are key financial partners for numerous start-ups and tech companies, providing not only banking services but also specialized financial support tailored to the unique needs of the start-up ecosystem. When SVB faced a sudden collapse in March of 2023, it sent shockwaves through the tech industry. Companies that depended on SVB found themselves unable to access their deposits, leading to a cascade of operational disruptions and financial uncertainty.

More recently, Evolve Bank & Trust has been in the news for a ransomware attack that led to the leakage of personal data for millions of customers. This comes just weeks after Evolve customers lost access to funds for nearly two weeks after partner banking platform Synapse Financial Technologies went bankrupt, shutting down its platform. It’s estimated that over 200,000 accounts were affected by the Synapse bankruptcy, making it the largest financial product disruption since 2015.

These incidents underscore the critical need for start-ups to adopt start-up banking best practices, utilizing a combination of account security settings coupled with banking diversification to minimize business disruption risk. In lieu of breaches or disruption like the most recent Evolve hack, founders need to be prepared to layer in additional safeguards to keep their businesses safe.

Banking best practices for start-ups

In late 2023, we closed a $7.7M seed funding round co-led by General Catalyst and Human Capital with participation from BoxGroup. With this funding, my co-founder Gabbi and I sat down and mapped out the best way to keep our finances secure without causing business disruption. There are three key layers to our banking approach that I recommend to all start-ups:

1. Utilize basic security protection. All banking accounts - business and personal - should have two factor authentication rolled out. Founders should also set a transaction threshold that requires approvals from multiple team members if exceeded. 
2. Keep balances low in accounts receivable. We have a separate bank account that we utilize only for accounts receivable and have rules set to automatically move money to another account when the total is greater than $1 in this account. We do this as this account information is regularly shared when we bill, so we want to limit the fund accessibility as much as possible. Furthermore, as we don’t actively spend out of this account, there is no need to keep any money within it.
3. Diversify your banking. The surest way to reduce systemic risk is through banking diversification - we maintain checking accounts across multiple banks. These accounts have multiple months of operating capital to ensure we’re protected in case of lock-out in one account.

What to do if you were impacted by a breach

As a Mercury client, we received a note as the Evolve breach went public detailing the exposure and with additional recommendations to keep our account safe. I’ve detailed those below in addition to a few other safety precautions I recommend founders take if they may have been impacted in a breach: 

• Activate an ACH allowlist. An Automated Clearing House (ACH) allowlist is a list of pre-approved accounts and entities that are authorized to send or receive ACH transactions with a particular account or business. Through this, organizations can ensure only trusted and verified parties are involved in their transactions, reducing risk of fraud and unauthorized transfers.
• Monitor your balance daily. It’s important to pay extra attention to your account balances in the wake of breaches so you can flag anything fraudulent in a timely manner. You can set up automated alerts for transactions and balance updates within your accounts. 
• Open a new checking account. You can request a new checking account with a new account number, transferring funds to the new, secure account. While this may cause some initial disruption to your business, it will protect your account in the case it was impacted by the breach. 

Finally, as personal information may have been leaked with the most recent Evolve breach, there are a few additional steps you should take:

• Require two factor authentication to modify cell plan. Make sure that your cell phone number is protected and that carriers are unable to change the device associated with your phone number without your authorization. For many providers, this involves adding an additional pin to your account that is needed to transfer the number.  
• Invest in an identity monitoring solution. Identity theft protection services can automate identity theft and fraud monitoring across credit applications, bank account activities, public records, and more. If your identity is compromised, monitoring solutions can help you resolve issues and restore your identity. Companies may cover this for affected customers in the event of a breach.
• Freeze your credit report. You can do this by reaching out to the three major credit bureaus: Experian, TransUnion, and Equifax. Each bureau has its own process for initiating a freeze, but steps are roughly the same. You will first need to verify your identity, and then you will be assigned with a unique PIN or password required to lift or temporarily unfreeze your report. While frozen, new creditors will be unable to access your credit reports (meaning identity thieves will be unable to open new accounts with your information). 

While Zip doesn’t offer banking services or identity protection, we can protect your business from any direct breaches through a customized cybersecurity strategy based on your needs. We simplify cybersecurity for businesses - making an enterprise-grade tech stack accessible to all. Reach out today for a custom quote.