| 1 min read

Cyber Attacks Often Aimed at Small Businesses

Read More

It seems every month we are reading about another cyber attack at yet another large corporation. Because the stories we most often hear about involve big names like Equifax, Marriott or Yahoo it is common for people to consider cyber attacks a "big business" problem. The reality, however, is quite the opposite.

A 2018 study done by Keeper Security Inc. found that:

  • 67% of small and medium-sized businesses (SMBs) experienced a cyber attack in the past 12 months
  • 58% of SMBs have experienced data breaches involving customer and employee information 
  • Among SMBs that had been attacked, an average of $1.43M was spent due to the damage or theft of IT assets

Despite the frightening statistics laid out above, too many SMBs have convinced themselves that they aren't a target because they aren't "big enough" to be on the radar of cyber attackers. Yet the fact is that hackers looking to steal information or to extort you, don't discriminate on the basis of company size. And while many large businesses can survive a cyber attack the same is not true for many SMBs where the cost, or damage done to their reputation, is simply too much to come back from.

Before you get too upset by all this bleak news, take note that there are some specific things SMBs can do to help protect themselves. 

Develop Strict Password Rules

Employee passwords should have strict rules and expiration requirements, as well as limits on the number of allowed failed login attempts. When passwords are created or changed they should also be encrypted before being stored in the cloud. And of course, make sure to follow your own rules. What good is a password policy if it isn't strictly enforced?

Enable Multi-Factor Authentication (MFA)

Manager and employee access to HRIS systems should be configured with MFA. MFA verifies a user’s identity during the login process, offering an additional layer of security and helps safeguard against unauthorized access to information. Some common MFA scenarios are swiping your card and then entering a PIN, or logging into a site and then answering a security question or providing an additional one-time password that has been sent to your email or cell phone.

Encryption and Ongoing Monitoring

To ensure that data can't be captured while in transit or at rest, make sure that all sensitive data is encrypted before being sent to or stored in the cloud. In addition, the cloud should be actively monitored 24/7/365 to protect against data breaches and cyber attacks.

Centralize and Outsource to a PEO

By outsourcing your HR, Payroll, Benefits, Compliance and Risk Management functions to a PEO, not only can you streamline your day-to-day tasks, but you can also capitalize on technology you may not have access to otherwise. A good PEO should help you to automate your repetitive administrative processes, and provide you with a platform that employs the security measures noted in the list above.

Train Your Staff 

Your employees should know that they play a huge role in keeping company data secure. Have annual, company-wide training to teach your team about phishing, common tactics hackers use, and make sure they understand the importance of not reusing passwords. Also add this training element to your onboarding process and to your New Employee Orientation Checklist.


Small and medium sized businesses are just as much at risk (if not more so) of a cyber attack as a large company but they often have even more to lose. Plan ahead and make your company's cyber security a top priority.

All Posts
Jennifer Eddlemon, aPHR
Jennifer Eddlemon, aPHR
Jennifer is a licensed life and health agent with over a decade of experience in the insurance industry, and an aPHR certification. Outside of the office she loves horseback riding, volunteering, and spending time with her family.

Related Posts

Tips for Success Before You Jump Into Entrepreneurship

If you were to ask 10 different entrepreneurs why they took the leap into business ownership, you’d get 1...
Continue Reading

5 Ways to Lower Labor Costs-- Without Cutting Staff

One of the most-asked questions by business owners everywhere is, “How can I lower my operating costs?” I...
Continue Reading

Leave a reply

Human Resources Today