Corporate Payroll Services

Small businesses are popular targets of cyber criminals.  Thousands of attacks happen every day—with successful ones costing organizations hundreds of thousands of dollars, or more.  According to Symantec’s Internet Security Threat Report, malicious threats such as email phishing, malware and ransomware are on the increase, with many specifically targeting small businesses.

Fortunately, there are effective measures you can take to prevent hackers, scammers, and other dark web types from compromising your network, stealing information, and harming your organization, employees, partners and customers.

Here are a dozen straightforward recommendations to protect yourself as a business owner:

  1. Protect your network with security software and keep this software up-to-date.  A quality firewall is a must, as is encryption for your sensitive files.
  2. Install quality antivirus and anti-malware software on all computers used for company business and set up regular scans.
  3. Back-up your databases on a regular basis.  If your files are ever compromised, losing everything can be fatal to your business.  Having a recent backup will enable you to restore your data so you can continue to operate.
  4. Train employees on your Internet safety and security policies and procedures and your security software.  You should also review how to recognize potential security threats and to create strong passwords.  Training also should include your response plan in the event of an attack or breach.
  5. Avoid dictionary words for passwords.  Use multiple upper and lower case letters, as well as numbers and symbols.  Phrases or long acronyms are especially hard to ascertain or break.
  6. Note in your policy the security measures employees should follow when they’re out of the office and not using your firewall and secure network.
  7. Be extremely cautious of unexpected emails that ask you to click a link to log into an account to update information or fix a problem.  These are likely phishing emails designed to steal valuable personal or company information.  Malicious links often substitute look-alike letters and numbers, such as a 1 for a lower case “L”, to lure the victim to click to a fake web page.
  8. Never enter credit card numbers or other valuable information on a website that is not secure.  A secure website URL will begin with HTTPS, instead of HTTP.  You should also double check that you’re on the site you intend to be on whenever entering such information.  Entering a known web address directly, rather than clicking on a link, is a safer route.
  9. Never, ever email sensitive employee information such as W-2s, benefit enrollment forms, completed census forms or anything with social security or credit card numbers.  Email databases and accounts are inherently insecure and if malicious parties obtain access, they can often see or get everything associated with the account.
  10. Do not respond to email requests for sensitive information such as W-2s, even if they come from an executive in your organization.  Scammers have been known “spoof” emails of executives or other employees to steal information.
  11. Use a secure shredding company to ensure proper disposal of physical documents with sensitive company and employee information.
  12. Completely wipe or destroy hard drives and storage when disposing of—or even donating—hardware.  This will prevent someone from finding an old company laptop, thumb drive, multi-function printer or desktop computer and gaining access to potentially sensitive information stored on it.

These are just some of the things you can do to protect your company from these attacks.  Remaining vigilant is key to staying a step ahead of cyber criminals and keeping your company, employee and customer data safe.

If you have additional suggestions on how you deal with cyber threats, please comment below.  And of course, if you have questions on how to protect yourself from scammers and others on the dark side of the web, please reach out to our HR Pros, who contributed to this article.