Blogs

A cyberattack can cost a business millions of dollars, harm its reputation, and lead to higher prices for customers. While cybercrimes, including data breaches, against large, high-profile organizations make headlines, small employers are often the most vulnerable to attacks. According to the U.S. Small Business Administration (SBA), smaller organizations “typically lack the security infrastructure of larger businesses to adequately protect their digital systems for storing, accessing, and disseminating data and information.”

If the prospect of a cyberattack against your small business occasionally keeps you up at night, consider basic cybersecurity training that is reinforced through company policies. Here are a few essential tips to share with employees during training:

• Create strong passwords that are truly unique. Security can be enhanced by IT requirements to change passwords every 90 days or passwords that must contain different types of characters. Still, beware: Even using different types of characters didn’t stop the U.S. Department of Interior from being hacked when employees had weak passwords like Password-1234.

• Look at the actual email address before following any instructions. If, for example, a new employee gets an email from the executive director asking them to buy $2,000 worth of gift cards and send on the serial numbers, the employee should know to check that the email address is actually from the head of the organization. Most often, it will not be, as the above scenario is a common scam. Even better, the employee can call the executive director to make absolutely certain.

• Think carefully before clicking on a link in an email. And, if it’s too late for that, do not send any information to that link without checking with a supervisor or the IT department first. Nearly everyone has seen this type of email, and too many have sent personally identifiable information (PII) that is used to drain bank accounts. Employees may inadvertently put employer assets at risk.

The websites for the SBA and the Federal Communications Commission (FCC) offer additional cybersecurity tips for small businesses. Learn how human resources professionals can help bolster cybersecurity in this Employers Council whitepaper.

Diligent and ongoing training can protect the assets of employers, employees, and customers. Cybersecurity best practices should be standard knowledge at your organization, repeated so often and expressed so clearly in company policies that employees get tired of hearing about them. If you have any questions, please contact Employers Council.