• Startup
  • Payroll/Taxes
  • Human Resources
  • Employee Benefits
  • Business Insurance
  • Compliance
  • Marketing
  • Funding
  • Accounting
  • Management
  • Finance
  • Payment Processing
  • Taxes
  • Overtime
  • Outsourcing
  • Time & Attendance
  • Analytics
  • PEO
  • Outsourcing
  • HCM
  • Hiring
  • Onboarding
  • Recruiting
  • Retirement
  • Group Health
  • Individual Insurance
  • Health Care
  • Employment Law
  • Tax Reform

Cyber Security and a Secure Business: What You Need to Know


How safe and secure is your business? It's a question that every business owner should ask. In the last year, half of small to medium businesses have been hacked, and the FBI recently warned that malware attacks–which deploy infected software to your devices or servers–has increased. These and other cyber security issues are critical concerns for business owners. The good news is that despite the growing number of incidents and an increasingly complex security landscape, it is possible to create a plan that helps improve the security of your business. Here are some important considerations that can help increase your company's cyber resiliency.

Think of Security Going Hand-in-Hand with Business Continuity

When launching a new business, it's important to think about business continuity. What will happen, for example, if a crisis, natural disaster, or other major problem arises? Employers should add hackers to that list of potential threats. Develop an action plan that focuses on minimizing the impact of hackers and getting back online quickly. Some elements to consider in your cyber attack-related continuity planning include:

  • Strategies and tools to quickly identify when a breach or attack has taken place;
  • A notification system to let all key employees know systems have been compromised;
  • A regular, recent data backup that ensures your company information is protected;
  • A plan that will help get you quickly back online, while mitigating the impact; and
  • The names and contact numbers–or even a contact in place–of experienced disaster recovery resources who can help you get back online quickly.

Be Aware of the Range of Potential Threats

Not long ago, the biggest threat to businesses was a computer virus. Today, it's important to be aware of even more:

  • Malware, which replicates itself and can spread to other devices, servers, or the network;
  • Whaling schemes that use social engineering to gather details about executives and then defraud companies of massive amounts of information;
  • A range of specific types of malware–including ghostware, blastware, and two-faced ware–which are all subtle variations that make it harder to effectively fight malware;
  • Increasing attacks on the cloud, including cloud-based systems and data storage; and
  • Compromised networks as a result of compromised endpoints (e.g. mobile devices).

Employers should add hackers to that list of potential threats. Develop an action   plan that focuses on minimizing the impact of hackers and getting back online quickly.

Strategies to Improve Your Company's Security

Even companies that are just getting started can make important strides toward security. Here are five ways to get started:

Invest in training and policies: Invest in training your team to recognize threats and escalate or respond appropriately. The more likely your workforce is to recognize a scam or potential hack, the less likely they are to inadvertently bring malware or other problems to your network. Keep teams updated on the latest threats, and incentivize people to participate in training. Develop policies that outline your expectations about the best security and safety practices around company devices and information.

Secure all endpoints, from computers to mobile devices: Today's modern workforce needs a security solution that protects all computers, laptops, and mobile devices that your company uses. Security software should identify threats, block them, and be able to scan devices. Use pop-up blockers, and ensure that software settings download all updates and manually scan devices at least once per day.

Build a perimeter around the network: This includes password-protecting both your router and network with long, complex, and difficult-to-guess passwords that are changed at regular intervals. Install a firewall and encrypt all the data on your network. Reinforce this with strong password requirements for all systems and demand that they be changed regularly–at least monthly, if not more frequently.

Secure a copy of your data: Choose a secure plan that backs up your data at both the network and individual levels as frequently as possible. Send one copy to the cloud for safekeeping, and consider storing a physical copy offsite in a fire-safe lockbox or safe for additional protection. If your business comes under full attack, these additional measures can help you quickly get back online.

Have a regular audit in place: Educate all users about what to look for when cyber security has been compromised, such as trouble accessing an account or unusual activity. These issues should immediately be flagged to your IT team. Beyond that, companies should schedule regular IT audits with their staff and use monitoring tools to find the anomalies that could signal a more serious problem.

Keeping your business safe and secure is an important consideration at all levels of business ownership. When you're first launching, you may not be able to afford the most expensive tools. But with strategic thinking and a few key investments, it's possible to help ensure that your business is as safe and secure as possible.


This website contains articles posted for informational and educational value. Paychex is not responsible for information contained within any of these materials. Any opinions expressed within materials are not necessarily the opinion of, or supported by, Paychex. The information in these materials should not be considered legal or accounting advice, and it should not substitute for legal, accounting, and other professional advice where the facts and circumstances warrant.