
Creating a Cyber Security Culture in Your Business


Creating a cyber security culture in your business involves more than providing tools like firewalls and virus protection software. Experts uniformly agree that educating employees about the threats of data breaches and cyber theft is a critical step in protecting your company's invaluable data.

But while most small businesses understand the need for a comprehensive data security program, many still believe hackers are only interested in going after big companies, and therefore may not take all the precautions that they should. In fact, statistics compiled by the National Cyber Security Alliance paint a disturbing portrait of small business vulnerability:

  • Almost 50 percent of small businesses have experienced a cyber attack.
  • More than 70 percent of attacks target small businesses.
  • More than 75 percent of employees leave their computers unsecured.

A breach or attack can result in a significant loss of income, particularly if the small business involved lacks cyber liability insurance. If news of the breach goes public, the damage to the business's brand may be insurmountable.

Leaving your business data exposed to cyber attacks is simply too great a risk to ignore. The best defensive strategy is creating a cyber security culture in the workplace that greatly tips the odds of success in your favor.

Start with Training

Employees often make critical cyber security mistakes because they lack the knowledge and training to recognize warning signs or avoid improper behavior while online. The most cost-effective protection is a high level of employee awareness through a focus on information-security training. We're not talking about "a one-time orientation video for new hires," notes legal security consultant James Pooley. He contends training must be ongoing, "varied, so it's interesting," and "world class, which means hiring experts."

Clarifying how a data breach can threaten their own private information is an effective way to impress employees with the need for security measures. Emphasize that a serious breach can put everyone's job security at risk. This will be sure to get their attention and reinforce the importance of a companywide cyber security culture.

Teach Employees How to Respond

Quickly identifying methods of unauthorized intrusion, from malware like worms and viruses to phishing attempts and the dangers of Shadow IT, is just the first step. Employees should be given clear-cut, documented instructions on what to do in order to minimize potential damage. A comprehensive incident response plan stressing the need to immediately contact the help desk or IT team may significantly curtail the effects of an attempted data breach.

Reward Security-Conscious Behavior

Reinforcing desired employee behavior helps lay the foundation for an ingrained culture of data security awareness. When an employee spots an intrusion attempt and notifies IT right away, salute that action in a public employee gathering or all-staff email. Consider a small "rewards program" for employees who regularly sign up for ongoing training (which reduces the "mandatory" nature of such training).

Threats to your business data are an unfortunate reality in today's marketplace. But instilling a cyber security culture with proper training and reinforcement will go a long way towards safeguarding sensitive information and protecting the integrity of your business.


This website contains articles posted for informational and educational value. Paychex is not responsible for information contained within any of these materials. Any opinions expressed within materials are not necessarily the opinion of, or supported by, Paychex. The information in these materials should not be considered legal or accounting advice, and it should not substitute for legal, accounting, and other professional advice where the facts and circumstances warrant.