Author: Laurey West, SHRM-CP, Director of Operations

Recently the payroll software platform we use was a victim to ransomware. This disrupted services for over 80,000 small businesses across the United States including our company and clients we represent. Fortunately, measures were taken prior to the attack to mitigate the risks of confidential information being shared with the dark web and/or other criminals.

Our company has an onsite Information Technology consultant that works with us to ensure all information remains safe and protected at all times. We wanted to share with you some easy tips to help protect you.

First and foremost, make sure your hardware, software and anti-virus software is up to date and that you have secure firewalls set up. Our company is regularly updating our anti-virus, anti-malware, maintaining firewalls and consistently watching for any suspicious activity including monitoring our firewalls and reporting all suspicious emails to our IT consultant before opening.

You should make sure that if your employees are using software on another WiFi network they are using a secure connection. Also, make sure any personal devices your employees use for business activities contain anti-virus and anti-malware software and have your IT consultant or outside IT company audit the device frequently.

Some easy tips are covering your cameras on your devices when not in use to avoid outside sources taking video or photos of your keystrokes to obtain confidential information.

We also change our passwords for all software frequently using a a mixture of letters, number and symbols and altering upper and lower case letters. Make sure you are not using the same password. Don’t use the next number if you have your passwords set up with numbers whether it be on the front, middle or end of your password. Do not use birthdays, kids’ birthdays, animal names or common names or dates of any kind – no personal or predictable information should be used.

Don’t leave passwords posted around the office or around the office. Passwords should be kept in a locked, confidential area or stored on a software that provides secure password protection.

When making purchases make sure you are on a legitimate website. Don’t buy from a link. Visit the advertised website instead and purchase from the website and only after verifying it is a legitimate business. When you use your credit card to pay for a product make sure it is secure by checking to see if the page web browser address begins with https://. It is not a bad idea to read reviews before making purchases, too. Phishing scams are on the rise, so be very cautious when sending any confidential information to outside parties.

Another measure we take is to always contact individuals by phone prior to signing any e-documents to confirm the person requesting is with a business we are engaging with.

Small businesses may think they are safe; however, recent studies have released statistics that 71% of cyber attacks occur in businesses with 100 employees or less. It is critical for all small businesses to put a security plan in place. We work with our clients to create policies to educate their staffs about security safeguards and to have an incident response plan in place should there be a security breach. Our goal is to help our clients mitigate the risk of a software attack and disruption of business.

The PEO industry has seen an increase in payroll fraud attempts. We carefully research all prospects including checking addresses in Google, calling phone number(s) on website and speaking to the person requesting the quote, and we require our sales consultant to have an in person meeting at the prospect’s physical business. In addition, we require that all new clients pay for all payroll transactions by reverse wire for the first three months to establish a positive financial history before we allow a client to pay by ACH. We report all fraudulent attempts to the National Association of Professional Employer Organizations and the FBI’s Internet Crimes Complaint Center.

It may take a little extra time and money to do the things I have mentioned above but very important when it comes to protecting your business.

Legal Disclaimer:
Employee Resource Administration, L.P. has made this web site and the materials shared on it available to the general public for informational purposes only. We are not employment lawyers or licensed to practice law; therefore, it is important for you to know that the information provided is not a legal opinion or legal advice of any kind. The content of this web site contains general information and may not reflect current legal developments, employment law verdicts or settlements. Employee Resource Administration, L.P. expressly disclaims all liability in respect to actions taken or not taken based on any or all of the content of this site. We recommend seeking professional legal counsel before acting on any information provided in this web site.