Small Business Solutions

It’s in the news almost daily now, cyberattacks. Making the big headlines are those instances that paralyze the operations of some of the world’s major corporations. What you don’t often hear — and these attacks are far more frequent — are those that impact small and midsized businesses.

Numbers can vary from year and study, but according to research conducted by Paychex for its guide on cybersecurity, cyberattacks on small and midsized businesses are on the rise from the 70-plus percent in 2020. However, a recent report by CNBC based on their study showed that 56% of small-business owners say they are not concerned about being the victim of a hack in the next 12 months, and only 28% have a response plan in place in the event of a cyberattack.

This confidence that an attack won’t occur flies in the face of the 2021 Hiscox Small Business Cyber Risk Report that found many businesses experienced more than one cyberattack in the past year, and 1 in 6 businesses said an attack threatened their survival. The report found that small businesses in particular felt a substantial impact from cybercrime, with some small firms suffering losses of up to $308,000.

Is your business prepared to withstand a cyberattack? Having a strong cyber security posture can help your organization defend itself against cyberattacks, secure important information related to the business and your customers and maintain the integrity of your business.

<iframe allow="autoplay *; encrypted-media *; fullscreen *; clipboard-write" frameborder="0" height="175" style="width:100%;max-width:660px;overflow:hidden;background:transparent;" sandbox="allow-forms allow-popups allow-same-origin allow-scripts allow-storage-access-by-user-activation allow-top-navigation-by-user-activation" src="https://embed.podcasts.apple.com/us/podcast/cyber-security-what-small-businesses-need-to-know/id1507824762?i=1000583429510"></iframe>

Cyber Security Tips for Your Business

Cyber security can be defined as the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks, unauthorized access, or criminal use. The Small Business Administration (SBA), the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Trade Commission are excellent resources that offer additional tips for combating cyberattacks.

IT experts agree that employees are often the weakest link in the fight against cybercrime. They often make critical mistakes because they lack the knowledge and training to recognize warning signs or avoid improper behavior while working online.

Here's a list of tips to aid in cyber security training and greatly enhance the security of your business data:

Cyber Security Dos

• Use strong passwords and regularly change them. Also, use strong password managers (security questions)
• Use good internet browsing practices
• Keep software up to date, including latest anti-spyware and anti-virus software, that secures your computers, phones, and tablets
• Enable authentication tools (e.g., authentication apps, multi-factor authentication, and more)
• Enable your operating system's firewall, which can prevent outsiders from accessing data on a private network
• Limit access to PII and PHI. Only employees whose job responsibilities explicitly require access to Personal Identifiable Information (e.g., Social Security number, bank account number) and Protected Health Information (e.g., health records, other medical information) should be granted it.

One key component is to provide cyber security tips for employees such as training and encourage reporting of suspicious emails or online content. Implement regular courses through a Learning Management System and update the training regularly.

Cyber Security Don’ts

• Downloading software from the internet or clicking on internet links that launch websites or web ads
• Don't respond to emails, open email attachments, or click links embedded in emails that include typos, spelling errors, incorrect grammar, or pop-up windows. Beware of suspicious subject lines and "urgent" calls to action.
• Don't enter personal or financial information into web forms that don't come from a trusted source.
• Don't respond to the IRS by email or social media. The IRS does not initiate contact with taxpayers by email, social media, or even by phone. Any contact in this manner is a scam.

What are the Risks of a Cyber Security Threat?

Cyber security threats loom over every business, large and small. And the proliferation of connected systems and devices makes cybercrime and disruption more tempting for those intent on committing a crime. A story reported by the BBC in February of 2022 cited new analysis that nearly 75 percent of the money made from ransomware attacks in 2021 went to hackers linked to Russia, and other statistics report that ransomware in Russia is a projected $21 billion industry in 2022.

In the event of a business cyber security breach, there are many potential ramifications for an organization. Some of the consequences might include:

• Revenue loss: Shutting down a compromised website could hinder sales or cause website visitors to take their business elsewhere. Repairing damaged systems could come with a hefty price tag. Hiscox found that 71% of U.S. firms targeted in a ransomware attack paid a ransom to either recover data or to prevent publication of sensitive information.
• Reputational damage: The Hiscox report also noted that nearly a quarter of businesses that were attacked received negative publicity as a result.
• Regulatory costs: With recent laws enacted such as the California Consumer Privacy Act (CCPA), businesses could face penalties in the wake of a security breach. Hiscox reported that 18% of U.S. firms targeted paid a substantial fine that had a significant impact on the financial health of the business.
• Lost customers: A security breach can impede an organization's ability to attract and keep customers. Hiscox reported that 19% of respondents who suffered a cyberattack lost customers, with nearly just as many (18%) saying they had greater difficulty attracting new customers after the fact.

Types of Cyber Attacks You Should Know About

Digital malicious attacks come in an array of forms. Innumerable computer viruses, codes, and applications of malware are unleashed on the public every single day. Some of the most common and dangerous forms employ similar tactics.

Smishing

Smishing is the latest technique by bad actors to gain access to information. It’s like phishing but comes via text where there are fewer protections in place and uses all the hallmarks of phishing; demands for urgency, appearance that text is coming from trusted source, links to malicious websites.

Phishing or Business Email Compromise

One of the most invaluable business cyber security tips is handling any suspicious email with great care. Experts urge people looking at iffy emails to hover over hyperlinks (without clicking on them) to determine whether they'll send you to an unfamiliar or suspicious web page. If it is an email that originates from your ISP, bank, or credit card company, remember that these institutions will never ask for sensitive information like your password or Social Security number. According to FBI statistics for 2019, business email compromise accounted for $1.7 billion in fraud losses.

Malware (Adware, Spyware, Ransomware)

These insidious attacks assume many guises, the most pernicious of which is called ransomware. When opened, this malicious software seizes crucial files and keeps those files "hostage" until the victim pays ransom to decrypt them. Ransomware gets into a business system when unsuspecting users:

• Download materials from a compromised website.
• Open a fraudulent email attachment.
• Employ an unauthorized USB stick or some other external media device.

Social Engineering (Identity Theft)

Cyber criminals exploit our natural tendency to trust a message we receive and/or assist someone we believe to be in need. If someone you know sends you an email containing a link they want you to click on, or an attachment contains what you're told is a photo or other attachment they want you to see, don't do it if there's the slightest suspicion that something's wrong.

Distributed Denial of Service (DDoS)

Cyber criminals barrage a company's server, overwhelming it so that it slows significantly or even crashes. The system stops working at this point. This is perhaps the most common form of assault on cloud infrastructure and storage.

Password attacks (or Brute Force)

This type of cyberattack occurs when a hacker uses software to determine (and then steal) working passwords.

Data leaks

A data leak, which is the intentional or unintentional release of secure or confidential information to an untrusted third party, can damage both a business as well as its employees and customers.

Viruses

There are many ways that a computer virus can spread: a user can open an attachment in a phishing email, run an executable file, visit an infected website, or use an infected removable storage devices, such as a USB drive.

Develop an Effective Cyber Security Plan

Cyber security for your business could be simplified to mean just good decision-making. And not just by employees but by business owners as well. Think: Have you taken the cyber security threats seriously enough? Do you have up-to-date software to protect your business from the types of cyberattacks that could catastrophically damage it? If the answer is no or you're unsure, develop a cyber security plan.

These tips might increase the odds of adequate data protection in your favor:

1. Regularly assess existing risks and update IT systems.

It's essential to conduct a thorough assessment once a year (or every six months, preferably), with an emphasis on exposing vulnerabilities of those key assets containing confidential information and intellectual property. Also, commit to routine maintenance and regular software updates on all company devices.

2. Back up your systems in the cloud.

Businesses with a cyber security plan that store data properly are far less vulnerable to ransomware. Files should be backed up daily in multiple secure locations, such as the cloud or a hybrid data center, to ensure you have continual, uninterrupted access to the data you need if an attack occurs.

3. Undertake an aggressive employee cyber security training program.

Security is frequently compromised by user mistakes or carelessness. Consider implementing a cyber security training program that takes place on a regular basis so employees understand how critically important it is to maintain vigilance and to use good judgment with sensitive business data.

4. Install mobile-device security measures.

Use of mobile devices to work and communicate throughout the company increases the likelihood of a malicious attack because the channels are unsecured. Establish policies to:

• Restrict the types of information these devices can access and share
• Determine whether mobile devices provided by the business can be taken off-site
• Enforce network access control, whereby employees can access your business's VPN and email in a secure, reliable manner.

5. Plan a response to an unauthorized intrusion.

A comprehensive incident response plan that stresses the need to immediately contact the help desk or IT team might significantly curtail the effects of an attempted data breach. Taking a proactive, strategically defensive stance can typically minimize the risk to your business and customers, enabling you to continue to focus on other vital aspects of operations.

Make Sure Your Business is Protected from a Cyberattack

Your current business insurance coverage might not include the range of expenses incurred by many types of cyberattacks — from interruption of business operations and the need for customer notifications to comprehensive security upgrades and the effort required to restore your company's damaged brand. For these reasons, consider cyber liability insurance as part of a broader cyber security plan and in tandem with your regular business insurance and employment liability policies.

An effective cyber security policy can help secure business interruption protection and cover legal fees incurred by judgments or settlements. Contact a professional to learn more about cyber liability coverage.

Managing employee time-off requests can be challenging, particularly during a business's peak season. Managing paid time-off requests can also be tricky during other periods where “all hands-on deck” are needed from employees.

Employee motivation and productivity can be enhanced when employees get to enjoy a well-deserved break from the workplace. At the same time, managers are responsible for coordinating team projects and meeting operational deadlines.

How, then, do you manage paid time-off requests, especially when there are conflicting needs? Here are a few tips on effectively managing your employees' time-off expectations while continuing to maintain operations.

1. Plan Far in Advance

Many employees know months ahead of time when they need to take time off for birthdays, vacations, family get-togethers, or other personal commitments. Recognizing this, ask employees to submit time-off requests as early as possible.

Consider establishing a framework to encourage — outside of emergencies — PTO requests to be submitted well in advance of the desired time. Planning ahead can enable you to better address staffing gaps or other issues as they arise.

2. Have a Clear, Documented PTO Policy

Companies should have a clear, documented PTO policy that gets communicated during new employee orientation, as well as included in the employee handbook.

Make sure the policy clarifies:

• The amount of time off employees accrue
• When they can take it
• How far in advance requests must be submitted
• What approvals are required

Finally, highlight any busy periods where it may be more difficult — or even impossible — to get PTO requests approved, like around certain holidays. Make sure to set clear expectations around your company’s staffing needs and ensure that everyone understands the policies and approval process. When necessary, have employees inform you which holidays they are willing to work versus which ones they would prefer to have off.

Managing employee time-off requests may feel overwhelming. Investing in a time and attendance solution can help you gather and track attendance efficiently, and keep you more informed and organized regarding each employee's schedule.

3. Create a Uniform Way for Employees To Submit Time-Off Requests

A uniform method for submitting PTO requests is an essential step in standardizing the process (and ensuring that few, if any clerical mistakes are made) and effectively managing employee paid time off. It's also important to note that most time-off requests should be submitted in writing. A manager's verbal approval may not be considered as a replacement or in lieu of a written request.

Written documentation may need to be submitted with the aim of supervisors accurately (and fairly) managing employee PTO.

A typical time-off request form should include:

• Employee name and department
• Reason(s) for requesting time off
• Dates requested
• Employee signature

The time-off form should also include space for the employee's manager to accept or decline the request, and room for their comments explaining the decision.

This uniform approach mitigates the risk of misunderstandings concerning date and time of a request. It also establishes a specific procedure in which employees should make their PTO requests.

4. Post a Calendar for Everyone To See

In a public area of the workplace or online, post an easy-to-understand calendar reflecting time off that has already been submitted and granted.

An up-to-date calendar can help alleviate any possible frustration from employees asking for time off on days already booked by others. It also helps identify when it may be necessary to recruit and hire additional seasonal help.

5. Develop Coverage Strategies for Different Jobs

Not all employee roles work the same way. For example, a delivery driver with established client relationships may be harder to cover than a customer service representative. Determine which responsibilities must be covered while the employee is out of the office and who has the capabilities to provide coverage.

Before an employee goes on vacation, have a clear list of what needs to get done.

Key information to share in these circumstances includes:

• A description of current projects in the works
• Overall job responsibilities
• Essential contact information
• A checklist of other to-do items

Train the people who are covering the tasks and assign a point of contact for help, should questions arise.

6. Offer Incentives To Cover Busy Periods

Many employers offer incentives or premium pay to employees who agree to work during high-demand times. Offering a small bonus or higher hourly rate during a busy period may incentivize employees to hold off on using their paid time off until a less busy time comes up.

It may be worth asking your employees what type of non-traditional benefits they would value. Also, consider whether coverage is essential during certain parts of the calendar year and whether incentives can help relieve critical staffing challenges during those times.

7. Accept That You Can't Please Everyone

It's often a difficult reality, but a final consideration is accepting that you may not be able to please everyone and grant their paid time-off requests.

For example, if many employees want to take off the Fourth of July holiday, then compromises may need to be made to ensure that the critical needs of the business are covered. What's most important is that company vacation policies and processes are organized, fair and equitable, and in compliance with federal, state, and local laws. With an established and smart system in place, you can accommodate employee needs while addressing the needs of your business.

Company PTO policies and processes should be organized, fair and equitable, and in compliance with federal, state, and local laws.

Still Having Trouble Managing Time Off? Time Tracking Can Help

Though PTO is important to your employees, handling scheduling demands, especially during high-activity periods, can be stressful. Consider using advanced timekeeping solutions to help you properly track employee time, attendance, and paid time off.

Every business depends on the talent, morale, and productivity of its employees. Having a clearly defined system for managing employee time-off requests can enhance employee satisfaction and help keep morale high.

Throughout 2020 and 2021, many small businesses endured extraordinary hardships to keep their doors open. With all its challenges — the COVID-19 pandemic, the turmoil over nationwide social justice protests, an acrid and divisive election cycle, labor shortages, and numerous natural disasters — the last two years were some of the most difficult for small businesses in history.

The years' disruptions led many business owners to adapt to the times and operate with impressive levels of flexibility. As 2022 gathers momentum, new small business trends are both anticipated and expected. Understanding these upcoming business trends can help small businesses prepare for new challenges while accepting that the employee and customer landscape has likely been permanently altered. Here are seven small business trends to know for 2022.

Notable Small Business Trends in 2022

While the larger societal issues impacted the business environment in dramatic ways, seven distinct business trends emerged in the workplace and among customers.

1) Increased Focus on Sustainability

In a growing response to catastrophic weather events, multiple oceanic garbage patches, the increasing rate of extinction, and the seven hottest annual global average temperatures recorded in the past seven, consecutive years since 1880, consumers are concerned. What does that mean for employers regarding small business trends 2022? A September 2021 survey conducted by the National Retail Foundation (NRF) and IBM found that 62% of the 19,000 survey respondents are willing to change their purchasing habits to reduce their environmental impact. On the hiring side, nearly 68% of employees reported they are more likely to apply for jobs with environmentally responsible organizations, with 48% willing to accept a lower salary.

Employers are responsible for implementing meaningful change in their business practices to reduce the environmental impact of their business model. Look for opportunities to reduce the energy consumption and greenhouse gas output of your supply chain, assess your internal practices to reduce waste, embrace remote or hybrid workplaces for employees, and evaluate your own business's long-term environmental impacts in the form of packaging and product lines. Ultimately, these are measures that can help your business gain a hiring advantage and increase its own resiliency through being more efficient and responsive to environmental pressures.

2) E-Commerce Remains Important in the Hybrid Shopping Method

The pandemic accelerated a shift from brick-and-mortar stores to digital shopping. From groceries to clothing and other consumer goods, shopping entirely online with the option of home delivery or curbside pickup gives customers convenience, efficiency, and increased peace of mind over personal safety. However, now that we are two years into our new normal, consumers' shopping habits are shifting. Whether driven by increased awareness to reduce monetary and carbon costs associated with shipping, support their local economy, or engage with others, consumers are embracing a hybrid approach to shopping. This includes interchanging visits to brick-and-mortar stores, using mobile apps, and shopping online to make choices that support their needs and beliefs.

To ensure success, small business owners should make sure they have a mobile-friendly, easy-to-navigate website with e-commerce options that allow consumers to quickly find what they want and purchase products or services from their mobile devices. As many as 72% of consumers rely on stores as their primary buying method, according to the 2021 NRF survey. Look for ways to continue the convenience of blending the two such as curbside pickups, and make sure your in-store customer service leaves customers with a positive experience.

3) Customers Will Continue To Seek Alternative Payment Options

When it comes to how people pay for goods and services, the pandemic has been both a disrupter and a catalyst in how money is exchanged. In the last two years, businesses have moved toward alternative payment options (e.g., mobile pay applications, contactless credit, and debit cards). Contactless payment options will not be going away in 2022. In fact, small business owners should be prepared for the demand to increase in the form of applications, cryptocurrencies, mobile wallets, and wearable devices. If they haven't already done so, it's critical that small businesses research contactless payment options.

4) Customer Service Will Need To Be Personalized and Empathetic

In many ways, the stresses of 2020 and 2021 have been a shared experience across the nation and world. Many people have found the need for increased compassion and understanding as they cope with the anxiety caused by the events of the last two years. When it comes to choosing where to spend their money, consumers are prioritizing an empathetic, personalized experience in addition to high-quality products and services.

Staffing shortages throughout 2021 found many customers frustrated with a plague of endless phone trees, unresponsive providers, and automated services that made it difficult to speak to a human being. According to Accenture Global Consumer Pulse Research 2021, 25% of 25,000 consumers across 22 countries said many companies disappointed them by not providing enough support and understanding of their needs during challenging times. The report said these customers are ready to abandon brands that don't support their values. Customers want empathy; that comes from understanding them and speaking directly to their needs and concerns while being clear about the business's purpose and vision across all forms of operations, communications, and practices. Meeting employee well-being expectations is crucial to attracting and retaining talent during times of labor shortages. Doing so can help you create a workforce that takes care of your customers.

5) Businesses With Virtual and Digital Services Will Continue To Be in Demand

Not only were many people sequestered at home for long periods of time during 2020 and 2021, but offices, stores, gymnasiums, restaurants, and entertainment venues found they were required to either halt or dramatically reduce in-person service, with many only recently opening back up to normal capacity. As a result, demand for technology and virtual offerings soared. Businesses that were in particularly high demand included:

1. At-home fitness
2. Cyber security
3. Food delivery
4. Gaming
5. Remote work software
6. Virtual events
7. Medical services
8. Continuing education

Just as customers are embracing a hybrid approach to their shopping, they will want the same convenience for services. The demand for digital services and digital innovation is sure to continue even after the pandemic subsides. Small business owners and entrepreneurs stand to benefit from this business trend by either pivoting their current practices, expanding their existing business, or launching a new one in one of these in-demand fields.

6) Remote Work Will Continue

Within the span of a few weeks, the pandemic transformed mobile workforces from being an emerging trend to a critical organizational practice that enabled businesses to keep their workers employed and revenue flowing. Employees have long expressed interest in working remotely and have proven to be happier and more productive when given the opportunity to do so. Many business owners have embraced this, and many business owners may plan to continue offering long-term remote work options. One of these options includes the hybrid work space, which seeks to capture the best of both worlds. Business owners continue to have much to gain from incorporating remote work options. Their ability to retain talent and compete for top talent in the future depends on it. How to incorporate and manage a remote workforce for the long-term continues to evolve, and will require small business owners to invest in additional technology and software solutions moving forward.

7) Consumers Will Support Small Businesses

Despite their resiliency and determination throughout the pandemic, many local businesses struggled to stay afloat. Customers noticed and made concerted efforts to channel their spending power to help support local small businesses. To capitalize on this trend, small business owners should consider adopting a local marketing strategy and boosting their social media presence to communicate the business's purpose and values along with high-quality services and products. Supporting local businesses can also help customers be more environmentally conscious and beneficial to their local community.

Using Business Trends of 2022 To Drive Your Success

Small- and medium-sized businesses have demonstrated their fortitude and remarkable ability to adapt as necessary under extraordinary circumstances. Businesses looking to rebound after the past two years should consider emerging small business trends that are likely to continue for the long-term. To meet this imperative, small business owners may be able to outsource many of the duties that require valuable time and resources, such as HR administration, payroll, and assistance with regulatory compliance.