• Startup
  • Payroll/Taxes
  • Human Resources
  • Employee Benefits
  • Business Insurance
  • Compliance
  • Marketing
  • Funding
  • Accounting
  • Management
  • Finance
  • Payment Processing
  • Taxes
  • Overtime
  • Outsourcing
  • Time & Attendance
  • Analytics
  • PEO
  • Outsourcing
  • HCM
  • Hiring
  • Onboarding
  • Recruiting
  • Retirement
  • Group Health
  • Individual Insurance
  • Health Care
  • Employment Law
  • Tax Reform

Cyber Fraud: How Small Businesses Can Help Protect Themselves from a Security Breach


Many businesses rely on the internet to operate certain aspects of their operations. According to the U.S. National Cyber Security Alliance, two-thirds of small businesses are dependent on the internet for day-to-day operations. While having an online presence can help businesses run more efficiently, it's also opened the door to business email compromise and other forms of cyber fraud.

What is business email compromise?

Have you ever received a suspicious-looking email asking you for money? It may look similar to an invoice from a service provider, but upon further inspection, you realize that the email address or domain name are different. Or, perhaps you find it suspicious because that specific service provider wouldn't contact you for payment in such a way.

These are all characteristics of business email compromise. And while you may not have interacted with a suspicious email, others haven’t been as successful. In fact, a Verizon 2016 Data Breach Investigation Report found that 30 percent of phishing emails get opened by the targeted recipient.

When hackers successfully carry out this type of attack, victims often end up disclosing sensitive information. From there, hackers can gain access to accounts, extract private information, process unauthorized requests, and redirect funds to anonymous accounts.

What's the severity for small business owners?

According to research conducted by Symantec, more than 400 companies are targeted for business email compromise each day. On a national level, almost 40 percent of cyber crimes specifically target small- to medium-sized businesses, and annual losses are reported to be in the billions.

While larger companies may have the resources in place to come back from this kind of attack, recovery may be much more difficult for smaller businesses. Sixty percent of small businesses actually go out of business after this sort of data breach, according to the U.S. National Cyber Security Alliance.

Cyber fraud losses in small to medium sized businesses

How can business owners protect themselves from cyber fraud?

Stay vigilant.

Just about any company can be susceptible to cyber attacks, which is why it’s important to be proactive. More so, your entire team should understand the severity of a potential cyber attack, and know how to recognize warning signs or suspicious behaviors while online. It may be in your company’s best interest to train your employees on how to protect sensitive information and the basic steps they should take to mitigate a possible security breach.

Hire or consult with a network professional.

A network security professional – either an employee or someone from a professional services company – can be one of your best assets in protecting your business from cyber fraud. This type of professional can help you identify vulnerabilities, detect hackers who get through, respond to attacks quickly, and recover any data that may have been lost.

Use products and services that help protect you against cyber fraud.

When looking for helpful and effective products and services, it's important that you do your research.  Check that these services providers have policies in place in case their business does accidentally fall victim to an attack.


This website contains articles posted for informational and educational value. Paychex is not responsible for information contained within any of these materials. Any opinions expressed within materials are not necessarily the opinion of, or supported by, Paychex. The information in these materials should not be considered legal or accounting advice, and it should not substitute for legal, accounting, and other professional advice where the facts and circumstances warrant.