Think your small business is safe from cyberattacks? Think again.

February 9, 2016|Steve Hyde

We’ve all gotten the email from the Nigerian prince promising $8 million if we just hand over a few basics about our bank account. Hopefully none of you fell for that scam, but the emails are getting more complicated: Microsoft telling you there’s an emergency update. FedEx needing details on a package delivery. Even a friend’s email telling you about a hilarious video they found on YouTube. You click on the link…and the scammers are in.

Media reports abound with reports of hackers attempting to access sensitive personal information from both individuals and businesses—the IRS just issued a special alert this week for payroll and HR professionals.

It’s not a matter of if your business will be a victim of cyberattack, but when. Hackers are increasingly attacking smaller businesses, which they consider to be “easy targets,” instead of executing lengthy hacking attempts into large corporations. Without the proper security and defense measures, it is only a matter of time before your business contributes to the billions of dollars lost every year due to this very real danger.

Take these steps now to help prevent loss due to hackers, viruses, malware or a data breach.

  1. Install antivirus and antispyware software on every computer and keep it updated. Ensure mobile devices that can access company information (such as email) are also password protected and can be remotely wiped if the device is stolen.
  2. Educate employees in cybersecurity principles:
    • Require strong passwords that need to be changed at least every three months.
    • Always lock computers when not in use, even in the office. And don’t even think about having a Post-it note on your monitor or underneath your keyboard with your password on it!
    • Never click on any link or attachment received via email if you are unsure of where it came from.
    • Establish appropriate Internet use guidelines.
    • Never email confidential information. Instead, ensure that the files are encrypted before transferring.
    • Have employees review the security training guidelines on an annual basis to refresh their memory on best practices.
  3. Use a firewall to filter traffic between your company and the Internet. Many firewalls are consistently updated to block traffic to harmful sites, and can prevent users from downloading malicious files.
  4. Install the latest software patches and updates for your operating systems and applications. Your software vendors should be continually updating their core systems and functionality to ensure private information remains secure and there are no security gaps allowing access to hackers.
  5. Make backup copies of important business data and information.
  6. Control physical access to your computers and network. Many hackers are quite adept at social engineering—charming their way past other employees and managing to get onto your network from an open computer.
  7. Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted and hidden.
  8. Require individual user accounts for each employee.
  9. Limit employee access to data and information, and limit the authority to install software.
  10. Payroll is becoming an increasingly important target to hackers. Make sure your payroll department reviews any changes to the system prior to each payroll. Once the money has been sent, it’s extremely difficult to get it back – many times being diverted to debit cards or off-shore accounts.
  11. Consider having a third-party perform a penetration test or security audit on a periodic basis. Tests like these can help you understand current vulnerabilities in your network and build a security plan to add to your defenses.

Because of the nature of work that we do at Schenck—oftentimes handling confidential information—cybersecurity is of utmost importance to us. The tips laid out here are your best defense against cyberattacks.

Contact Steve Hyde at 920-996-1292 or steve.hyde@schencksc.com, or any member of Schenck’s Risk Services team, for more information on the steps your business should take to secure your data.


Steve Hyde, MS, MBA, chief information officer and director-information technology services, has more than 20 years of technology-related business experience including business process redesign, hardware/software assessment and implementation, PMO creation and project management methodologies, metrics/dashboard creation, and designing technology strategy and controls.