Solving your payroll and HR issues with insights, answers, and action.

  • Startup
  • Payroll/Taxes
  • Human Resources
  • Employee Benefits
  • Business Insurance
  • Compliance
  • Marketing
  • Funding
  • Accounting
  • Management
  • Finance
  • Payment Processing
  • Taxes
  • Overtime
  • Outsourcing
  • Time & Attendance
  • Analytics
  • PEO
  • Outsourcing
  • HCM
  • Hiring
  • Onboarding
  • Recruiting
  • Retirement
  • Group Health
  • Individual Insurance
  • Health Care
  • Employment Law
  • Tax Reform

5 Cyber Security Best Practices to Prevent Your Company from a Cyber Attack


While you may assume there is minimal possibility of someone breaking into your company's information systems and stealing sensitive data, the reality is that it absolutely can happen. In fact, cyber attacks on businesses are very common. The National Cyber Security Alliance found that nearly half of small businesses have experienced a cyber attack, and more than 70 percent of attacks target small businesses.

Small and mid-sized companies often lack the cyber security protocols and IT security staff used to protect large companies, making them especially vulnerable to attack. It's important to try to prevent such data breaches at your business because they can be costly to repair.

A recent analysis by the Ponemon Institute found that the average breach costs businesses $1.41 per record compromised, and the total cost of a breach — including the repair costs as well as lost revenue — can reach well over a million dollars. On top of that, a breach that compromises sensitive information such as your customers' credit card numbers or your employees' social security numbers could cost your business its reputation.

Taking basic, yet critical, steps can help you greatly reduce the odds that cyber thieves break into your systems. Here are five cyber security best practices:

  1. Don't cut corners on data protection. Have updated antivirus software from a reputable company installed on all devices that your employees use for work. Use encryption to secure emails and documents containing sensitive information during transmission. And make sure you have a personal firewall activated on all computers. Software security updates can be performed automatically so that they are done on time and you don't have to remember to do them manually. These are basic measures, but surprisingly many companies fail to take even these simple steps.
  2. Protect your systems with strong passwords. Make sure all key systems — including all email accounts and databases — are protected by difficult to guess passwords. Consider requiring employees to reset their passwords periodically but especially if they suspect that it has been compromised. For added assurance, require two-factor identification for administrative users, especially when connecting remotely. Limit access to passwords to only employees who need to know them, and change passwords whenever someone who knows the password leaves the company.
  3. Train your employees to spot and report malicious emails. Your employees are on the front line of the fight against cyber attacks. Make sure they know the basics: Do not click on links in emails sent from unfamiliar senders or if an email seems odd or suspicious, even if they think they know the sender. (Some attackers "spoof" email addresses of people you know to gain your trust and get you to accidentally click on nefarious links.)

One increasingly common and dangerous form of malware that locks computers and networks until a payment is made to the cyber attackers — called ransomware — is spread through people clicking on malicious links found in emails. It's important that employees recognize such emails and report them to management. Often these emails contain misspelled words, unrecognizable return email addresses, or other problems that should be a red flag. Additionally, instruct employees on how to be careful in their web browsing, to only visit reputable websites, and to avoid clicking on suspicious pop-up windows.

  1. Set rules for personal device usage. The growth of "bring your own device" (BYOD) to work policies has a drawback: Most employees' personal devices and home networks are probably less secure than those provided at work. But if they use a virus-infected personal device, they could infect the workplace network and all the other devices that use the network. Consider requiring employees to only use work-issued devices in the workplace, or make sure their personal devices have the right protections in place.
  2. Back up your data regularly. Create daily (or at least weekly) backups of your computers and data. This can protect you; if a hacker can pry into your system and lock your computer, you can simply restore the computer to the latest backup.

Although it’s National Cyber Security Month, protecting your company from a cyber attack is imperative year-round. These cyber security best practices provide a multi-pronged approach to thwarting potential attackers and training your staff on basic techniques for spotting and avoiding potential cyber threats.

todd colvin headshot

Todd Colvin is the senior director of data and systems security at Paychex, Inc., a globally recognized leader in human resource services for small- and medium-sized businesses. He is a business-savvy converged security executive with a demonstrated ability to dissect critical operating processes for the purpose of identifying weaknesses and providing commercially reasonable recommendations to reduce financial, regulatory, or legal impacts to any organization.

This website contains articles posted for informational and educational value. Paychex is not responsible for information contained within any of these materials. Any opinions expressed within materials are not necessarily the opinion of, or supported by, Paychex. The information in these materials should not be considered legal or accounting advice, and it should not substitute for legal, accounting, and other professional advice where the facts and circumstances warrant.
View More in ManagementView All Categories